Senior Security Operations Center (SOC) Analyst

Sev1Tech, Colorado Springs, CO
$120,000 - $140,000, Hybrid

About The Position

Join Sev1Tech as a Senior SOC Analyst! In this mission-critical role, you will support the design, implementation, and operation of meshONE-T, the ground component of the United States Space Force’s meshONE enterprise. You will provide cybersecurity monitoring, threat detection, incident response, and vulnerability management in alignment with Department of Defense (DoD) cybersecurity policies, including DoD Instruction 8040.03, the Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), and DISA STIG compliance. This position directly supports the cybersecurity posture of Air Force and Space Force systems. If you thrive in fast-paced environments and are passionate about defending mission-critical networks, we invite you to join our innovative team in Colorado Springs, CO.

Job Overview

As a Senior SOC Analyst, you will:

  • Monitor, analyze, and respond to security events using SIEM tools.
  • Perform threat and vulnerability analysis and incident response.
  • Support penetration testing, cyber assessments, and risk mitigation activities.
  • Ensure compliance with DISA STIGs, RMF controls, and DoD cybersecurity policies.
  • Collaborate with administrators and mission partners to harden systems and remediate vulnerabilities.
  • Contribute to contingency planning (CP), incident response (IR), and Continuity of Operations (COOP) exercises.
  • Support audit preparation and lead security assessments as required.
  • Lead coordinated incident response efforts by executing detection, containment, eradication, and recovery activities in accordance with NIST SP 800-61 Rev. 3 guidelines; document all actions taken, conduct root cause analysis, and provide after-action reporting to strengthen organizational resilience.

Requirements

  • Hold a bachelor’s degree in computer science, IT, cybersecurity, or related field; or 4+ years of equivalent experience.
  • Must hold DoD 8570.01-M IAT Level II certification or higher (e.g., Security+ CE, CySA+, CASP+, SecurityX, CISSP).
  • Experience with DoD RMF, NIST 800-53 controls, and cybersecurity compliance processes.
  • Hands-on experience with SIEM, IDS/IPS, endpoint protection, and vulnerability management tools.
  • Familiarity with incident response, DISA STIG compliance, and system hardening.
  • Security Clearance: Top Secret/SCI Eligible.

Nice To Haves

  • Experience with penetration testing and adversary TTPs.
  • Experience supporting cybersecurity in DoD or Federal environments.
  • Cloud security experience (AWS, Azure, or hybrid cloud).
  • Scripting/automation skills (Python, PowerShell, Bash).
  • Familiarity with Zero Trust principles and the DoD CIO Zero Trust Strategy.

Responsibilities

  • Proactively monitor SIEM, IDS/IPS, and endpoint security tools for suspicious activity and indicators of compromise (IOCs).
  • Correlate security events from multiple data sources to identify potential intrusions.
  • Escalate confirmed incidents and coordinate with stakeholders for rapid response.
  • Conduct vulnerability scans across networks, systems, and applications; prioritize remediation based on risk.
  • Track, patch, and verify remediation efforts to ensure compliance with DoD STIGs and NIST controls.
  • Provide mitigation strategies for zero-day vulnerabilities or delayed patches.
  • Lead containment, eradication, and recovery efforts during active cyber incidents.
  • Document all incident response actions for lessons learned and continuous improvement.
  • Support tabletop exercises and live simulations to test incident readiness.
  • Support RMF activities by implementing and assessing NIST SP 800-53 Rev. 5 security controls.
  • Assist in preparation and maintenance of ATO packages for FISMA Moderate and High environments.
  • Provide risk analysis and recommendations to leadership in accordance with DoD Instruction 8040.03.
  • Support Red Team, Blue Team, and Purple Team operations to validate network defenses.
  • Perform penetration testing and emulate adversary TTPs to uncover weaknesses.
  • Develop remediation plans in collaboration with engineers and administrators.
  • Prepare audit-ready documentation for all applicable compliance frameworks (RMF, FISMA, FedRAMP, HIPAA, SOX, ISO).
  • Participate in internal and external audits by providing evidence of control implementation.
  • Track findings, provide corrective action plans, and ensure timely closure of audit items.
  • Coordinate with system administrators, engineers, and mission partners to implement secure configurations.
  • Provide cybersecurity awareness training to technical and non-technical staff.
  • Participate in cross-functional working groups to share threat intelligence and best practices.