Security Operations Center (SOC) Analyst, Junior

About The Position

Requirements

• 0 years with BS/BA; 4 years no degree
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following:
• Relevant DoD/military training (examples: WCYBER200; 230‑25D30 (CP); M09CVQ1; Cyber Defense Analyst (Basic) Playlist); OR
• Relevant professional certification or equivalent experience (examples: CC; CEH; GFACT; GISF).
• Minimum 0–2 years SOC, incident detection, or cybersecurity operations experience (entry/junior level).
• Familiarity with SIEM workflows, basic log analysis, and security tool outputs (EDR, IDS, ACAS).
• Ability to document incidents clearly, follow playbooks, and escalate with actionable context.
• Good communication skills for coordinating with analysts and external stakeholders; attention to detail for evidence handling.

Nice To Haves

• Prior exposure to DoD/ARNG SOC operations, CDAP/CHAP contexts, or enterprise monitoring environments.
• Willingness to support shift work and on‑call rotations; basic scripting or automation familiarity (PowerShell/Python) is a plus.

Responsibilities

• Monitor SIEM, IDS/IPS, AESS, ACAS, firewall, endpoint, and other security telemetry to detect anomalous activity.
• Triage incoming phone calls, emails, and tickets; create and update incident cases with time‑stamped notes and initial evidence.
• Apply SOPs for incident handling, WCF/FPA screening, and policy‑driven responses; escalate events to Tier‑2 with clear risk descriptions and supporting artifacts.
• Maintain incident lifecycle status, update tickets, and document containment steps and preliminary findings.
• Coordinate with SOC analysts, CIRT, RCC‑ARNG, and state stakeholders to communicate event status and support situational awareness reporting.
• Perform basic log review and IOC validation; collect and preserve initial forensic artifacts for escalation.
• Follow escalation procedures and contribute to lessons learned and playbook refinements for frontline operations.