Security Operations Center (SOC) Analyst, Senior

Peraton, Herndon, VA
$104,000 - $166,000

About The Position

We are seeking a highly skilled and innovative Security Operations Center (SOC) Analyst Senior to join our team in the greater DMV area, supporting the Army National Guard.

Requirements

  • Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
  • Clearance: Active TS/SCI clearance.
  • Candidate must meet ONE of the following: Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: 4C‑255S (CP); M03385G; M10395B; M223854; A‑531‑0451; A‑531‑4421; A‑531‑1900; Cyber Defense Analyst (Intermediate) Playlist; DISA (511) Training); OR Relevant professional certification or equivalent experience (examples: CEH(P); GMON; GRID; Cloud+; FITSP‑O; GCED; GDSA; GSEC; PenTest+; Security+).
  • SOC, incident detection, or cybersecurity operations experience with substantial Tier‑1/Tier‑2 monitoring and triage responsibilities.
  • Hands‑on experience with SIEM query languages and workflows, EDR investigation, log forensics, and cross-platform correlation.
  • Familiarity executing containment actions, documenting chain‑of‑custody/evidence, and following incident playbooks.
  • Strong analytical writing for case documentation, escalation summaries, and shift reporting; ability to synthesize technical detail for responders and leadership.
  • Ability to identify tuning opportunities, manage false positives, and work collaboratively across SOC/CIRT/NOC teams.

Nice To Haves

  • Prior DoD/ARNG SOC or operations center experience and familiarity with CDAP/CHAP/enterprise monitoring contexts.
  • Experience mentoring analysts, contributing to SOC tuning programs, and supporting SOC metric/dashboard development.

Responsibilities

  • Perform advanced Tier‑1 monitoring, triage, and initial alert analysis across SIEM, EDR, network security tools, cloud telemetry, and enterprise monitoring platforms.
  • Review high‑volume alerts, correlate events across multiple data sources, and identify patterns indicative of targeted or multi‑stage activity.
  • Execute Tier‑1 containment actions per playbooks (host isolation, account disablement, block rules) and validate immediate mitigations.
  • Enrich alerts with contextual data, validate IOCs, document detailed case notes, and prepare high-quality escalations for Tier‑2/Tier‑3 and CIRT teams.
  • Conduct deeper log analysis, cross‑platform correlation, and preliminary threat‑hunt queries to surface anomalies requiring escalation.
  • Coordinate with Tier‑2 analysts, CIRT, and network operations to support incident response, provide contextual summaries, and recommend next steps.
  • Monitor SIEM/tool performance, identify visibility gaps or misconfigurations, and recommend tuning to improve SOC coverage.
  • Maintain and update Tier‑1 checklists, triage procedures, and playbooks; contribute tuning by identifying false‑positive patterns and rule adjustments.
  • Mentor and guide junior analysts on triage best practices, tool usage, and case handling; produce shift summaries, daily operational reports, and incident tracking updates.
  • Contribute to continuous improvement by refining workflows, adopting new SOC techniques, and enhancing frontline defensive effectiveness.
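The responsibilities above describe one triage flow: pull events from several sources, correlate them per host, validate against IOCs, apply a documented false-positive pattern, then decide between containment-and-escalation and tuning review. The Python below is an illustration added to this page by the editor, not Peraton or ARNG tooling; every host, user, IOC, event, time window and playbook mapping in it is constructed for the example (reserved example.net / RFC 5737 addresses).

```python
"""Toy cross-source correlation for Tier-1 triage (editor's added example).

All data below is constructed: the IOC set, the allow-listed false-positive
pattern, the playbook mapping, and the SIEM-normalised events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IOCs an analyst would validate against a threat-intel feed.
IOC_DOMAINS = {"c2.bad.example.net"}
IOC_IPS = {"203.0.113.77"}

# Constructed false-positive pattern: the patch service account runs encoded
# PowerShell on every host nightly, so that pairing is allow-listed.
KNOWN_BENIGN = {("powershell.exe", "svc_patch")}

# Hypothetical playbook mapping from stage to Tier-1 containment action.
CONTAINMENT = {
    "remote_logon": "disable account {user}",
    "encoded_powershell": "isolate host {host}",
    "ioc_beacon": "block rule for {dst}",
}

# Constructed events: (timestamp, host, user, source, fields)
RAW_EVENTS = [
    ("2024-05-01T02:10:05", "WKS-0412", "jdoe", "auth",
     {"logon_type": 10, "src_ip": "10.20.30.40", "outcome": "success"}),
    ("2024-05-01T02:11:40", "WKS-0412", "jdoe", "edr",
     {"image": "powershell.exe", "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"}),
    ("2024-05-01T02:13:02", "WKS-0412", "jdoe", "proxy",
     {"dst_host": "c2.bad.example.net", "dst_ip": "203.0.113.77"}),
    ("2024-05-01T02:15:00", "WKS-0777", "svc_patch", "edr",
     {"image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"}),
    ("2024-05-01T02:20:00", "WKS-0555", "bjones", "edr",
     {"image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"}),
    ("2024-05-01T03:00:00", "WKS-0999", "asmith", "proxy",
     {"dst_host": "www.example.com", "dst_ip": "198.51.100.9"}),
]

WINDOW = timedelta(minutes=15)  # constructed correlation window


def stage_of(event):
    """Label one event with a stage and its context, or None if not suspicious."""
    _, _, user, source, f = event
    if source == "auth" and f.get("logon_type") == 10 and f.get("outcome") == "success":
        return "remote_logon", {"user": user}
    if source == "edr" and f.get("image") == "powershell.exe" and "-enc" in f.get("cmdline", ""):
        if (f["image"], user) in KNOWN_BENIGN:
            return None  # documented false-positive pattern, not a stage
        return "encoded_powershell", {}
    if source == "proxy" and (f.get("dst_host") in IOC_DOMAINS or f.get("dst_ip") in IOC_IPS):
        return "ioc_beacon", {"dst": f.get("dst_host") or f.get("dst_ip")}
    return None


def correlate(events, window=WINDOW):
    """Group suspicious events by host. Two or more distinct stages inside the
    window starting at the host's first hit means escalate with containment
    actions; a lone stage goes to tuning review instead."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):  # ISO timestamps sort as text
        labelled = stage_of(ev)
        if labelled:
            stage, ctx = labelled
            by_host[ev[1]].append((datetime.fromisoformat(ev[0]), stage, ctx))
    cases = []
    for host, hits in by_host.items():
        t0 = hits[0][0]
        chain = [h for h in hits if h[0] - t0 <= window]
        stages, actions = [], []
        for _, stage, ctx in chain:
            if stage not in stages:  # dedupe, keep encounter order for the timeline
                stages.append(stage)
                actions.append(CONTAINMENT[stage].format(host=host, **ctx))
        escalate = len(stages) >= 2
        cases.append({
            "host": host,
            "window": (t0.isoformat(), chain[-1][0].isoformat()),
            "stages": stages,
            "action": "escalate_tier2" if escalate else "tuning_review",
            "containment": actions if escalate else [],
        })
    return cases


def triage(events, window=WINDOW):
    """Cases keyed by host, the shape an escalation note would be built from."""
    return {c["host"]: c for c in correlate(events, window)}


if __name__ == "__main__":
    for case in correlate(RAW_EVENTS):
        print(case)
```

On the constructed data, WKS-0412 chains a remote logon, encoded PowerShell and a beacon to a listed domain inside the window and is escalated with three playbook actions; WKS-0777 is suppressed by the documented false-positive pattern; WKS-0555 has a single stage and lands in tuning review rather than containment. Shrinking the window drops later stages out of the chain, which is the knob an analyst would tune when a rule fires on unrelated activity.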


What This Job Offers

Job Type: Full-time
Career Level: Mid Level
Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc