About The Position

The Senior Cyber Security Analyst functions as a Tier II SOC analyst responsible for leading advanced investigations, incident handling, and technical guidance within security operations for enterprise networks and mission‑critical systems. The role owns escalated alerts, correlates multi‑source telemetry, and directs containment and remediation for higher‑severity incidents while coordinating closely with infrastructure, application, and business teams. This position also plays a key role in refining detection content and SOC playbooks, performing targeted threat hunting, and mentoring junior analysts to mature overall SOC capabilities. It aligns day‑to‑day operational decisions with organizational risk priorities and supports continuous improvement of security posture across the enterprise.

Requirements

  • High School Diploma or equivalent.
  • More than 1 year of experience in Cyber Security, SOC operations, or Incident Response, with a strong preference for 3–7 years in SOC or cyber defense roles with growing investigative leadership.
  • Demonstrated experience working with security monitoring tools or SIEM platforms to investigate and respond to security incidents.
  • Proven ability to lead incident analysis, direct Tier 1 analysts, and manage multiple concurrent incidents in a high‑pressure SOC environment.
  • Strong analytical and investigative mindset with the ability to reconstruct attack paths and distinguish true positives from noise.
  • Excellent written and verbal communication skills for documenting investigations, presenting findings, and coordinating with technical and non‑technical stakeholders.
  • U.S. citizenship, with the ability to satisfy client background investigation requirements in a federal IT environment.

Nice To Haves

  • Cybersecurity certifications such as CompTIA CySA+, CEH, SC‑200, or CISSP (or active progress toward one or more of these).
  • Prior supervisory, team lead, or shift lead experience in a Security Operations Center, incident response, or cyber defense environment, including experience coordinating and guiding the work of junior analysts.
  • Hands‑on experience with enterprise SIEM and EDR platforms such as Splunk, Microsoft Sentinel, IBM QRadar, and leading EDR tools, including creation and tuning of detection content.
  • Familiarity with MITRE ATT&CK, threat intelligence analysis, and modern adversary techniques, tactics, and procedures.
  • Post‑secondary education in Cybersecurity, Information Security, Computer Science, or a related technical discipline.
  • Experience contributing to post‑incident reviews and implementing corrective actions that improve SOC processes and controls.

Responsibilities

  • Serve as an escalation point for Tier 1 analysts, validating their findings, directing deeper analysis, and determining appropriate containment and remediation actions for complex incidents.
  • Perform advanced correlation and analysis across SIEM events, EDR telemetry, network sensors, and identity logs to reconstruct attack chains and determine incident scope and impact.
  • Lead incident handling for significant cases by coordinating with infrastructure, application, and business stakeholders to contain threats, restore services, and limit business disruption.
  • Tune and develop SIEM and detection content, including correlation rules, analytic queries, and dashboards, to improve detection fidelity and align with frameworks such as MITRE ATT&CK.
  • Use threat intelligence and contextual data to enrich investigations, identify attacker objectives, and recommend durable control and process improvements.
  • Guide and mentor junior SOC analysts on investigation techniques, documentation standards, and communication practices, helping to mature SOC processes and capabilities.
  • Conduct or participate in targeted threat hunting activities to proactively identify hidden threats, misconfigurations, or monitoring gaps in the environment.
  • Collaborate with SOC leadership to contribute to post‑incident reviews and drive follow‑up actions that strengthen playbooks, tooling, and overall security posture.

Benefits

  • Compensation ranges for ASM Research positions vary depending on multiple factors, including but not limited to location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.