SOC Analyst II

American SystemsMonterey, CA
$39 - $44

About The Position

Now Hiring at AMERICAN SYSTEMS Epsilon, Inc. has joined AMERICAN SYSTEMS! As one organization, we offer expanded resources, streamlined operations, and increased opportunities for growth and development. Join us to be part of a dynamic, collaborative environment dedicated to innovation and customer success. As the SOC Analyst II, you will provide tier II cybersecurity support in a Security Operations Center “SOC” environment. Daily responsibilities of the SOC are ever changing, however, you can expect to regularly conduct vulnerability assessments, analyze cyber threats, monitor the email gateway and create reports on all confirmed or suspicious activities. You will work closely with the Tier I and other Tier II personnel to effectively and efficiently provide optimum service to our customers as well as assist with training SOC Analyst I team members when needed. Additionally, in this position you will: Use intrusion detection technologies to apply techniques for identifying host and network-based intrusions. Create, update, and resolve incident tickets that have been tasked to Tier II and appropriately document all alerts and incidents in the ticketing system. Review asset discovery and vulnerability assessment data. Lead incidents from alert to resolution: Leverage emerging threat intelligence (Indicators of Compromise, updated rules, etc.) to identify affected systems and the scope of the attack. Review and collect asset data (logs, configurations, running processes, ) on these systems for further investigation. Determine and direct remediation and recovery efforts including tasking of IHT1 as needed. Determine and request engineering, forensics, or threat intelligence support. Inform and brief status of incidents to CSOC manager, CISO, DCIO, or CIO. May manage and configure security monitoring tools (SIEM, IDS, Firewall, Access Control Lists, etc.) to mitigate existing threats / vulnerabilities. Interface and take guidance from the CSOC manager (government position). Review trouble tickets generated by Tier 1. Review threat intel and create notifications and share with specified personnel. Handle other tasks that tier II level of experience and talent can complete. Design incident response for cloud service models. Perform damage assessments. Preserve evidence integrity according to standard operating procedures or national standards. Protect networks against (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). Recognize and categorize types of vulnerabilities and associated attacks. Secure network communications. Use security event correlation Tools. Identify, capture, contain, and report malware. Utilize the SOC standard operating procedures (SOP) to perform daily tasks, resolve incidents and preserve evidence integrity. May provide input for and assist with updating procedures.

Requirements

  • U.S. Citizen
  • Active DOW Top Secret Clearance
  • At least three (3) years of professional experience in incident detection and response, malware analysis, or cyber forensics
  • Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
  • Hold at least one certification as required by Dept. of War (DoW) 8570.01-M and DoW Directive 8140.01, IAT Level II or higher
  • Hold at least one of the following additional certifications: CompTIA CASP+, GIAC GCIH, Microsoft AZ-500, Microsoft SC-200, Splunk Core Certified Advanced Power User
  • Extensive experience working with various security methodologies, standard operating procedures, processes, and workflows
  • Experience configuring and implementing various technical security solutions
  • Extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
  • Experience with computer networking concepts, OSI model, and network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services, and network security
  • Experience with Host/network access control mechanisms (e.g., access control list, capabilities lists)
  • Experience with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Experience with Network traffic analysis methods and packet-level
  • Experience with Cyber threats and vulnerabilities; cyber-attack stages, classes of attacks and attackers; cyber defense and information security policies, procedures, and Incident response and handling methodologies, incident categories, and timelines
  • Experience with Intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Experience with Malware analysis concepts and cloud service models and how those models can limit incident
  • Experience with Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • Experience with System administration, network, and operating system hardening techniques as well as data backup and
  • Experience with System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
  • Experience with JIRA (Atlassian issue tracking system)
  • Experience with Palo Alto Firewall
  • Experience with SNORT IDS
  • Experience with AlienVault SIEM
  • Experience with Barracuda Mail Spam / Virus Firewall
  • Experience with HBSS

Responsibilities

  • Provide tier II cybersecurity support in a Security Operations Center “SOC” environment.
  • Conduct vulnerability assessments.
  • Analyze cyber threats.
  • Monitor the email gateway.
  • Create reports on all confirmed or suspicious activities.
  • Work closely with Tier I and other Tier II personnel.
  • Assist with training SOC Analyst I team members.
  • Use intrusion detection technologies to apply techniques for identifying host and network-based intrusions.
  • Create, update, and resolve incident tickets tasked to Tier II and document all alerts and incidents in the ticketing system.
  • Review asset discovery and vulnerability assessment data.
  • Lead incidents from alert to resolution by leveraging emerging threat intelligence.
  • Identify affected systems and the scope of the attack.
  • Review and collect asset data (logs, configurations, running processes) on affected systems for further investigation.
  • Determine and direct remediation and recovery efforts.
  • Determine and request engineering, forensics, or threat intelligence support.
  • Inform and brief status of incidents to CSOC manager, CISO, DCIO, or CIO.
  • Manage and configure security monitoring tools (SIEM, IDS, Firewall, Access Control Lists, etc.) to mitigate existing threats / vulnerabilities.
  • Interface and take guidance from the CSOC manager.
  • Review trouble tickets generated by Tier 1.
  • Review threat intel and create notifications and share with specified personnel.
  • Handle other tasks that tier II level of experience and talent can complete.
  • Design incident response for cloud service models.
  • Perform damage assessments.
  • Preserve evidence integrity according to standard operating procedures or national standards.
  • Protect networks against (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • Recognize and categorize types of vulnerabilities and associated attacks.
  • Secure network communications.
  • Use security event correlation Tools.
  • Identify, capture, contain, and report malware.
  • Utilize the SOC standard operating procedures (SOP) to perform daily tasks, resolve incidents and preserve evidence integrity.
  • Provide input for and assist with updating procedures.

Benefits

  • healthcare benefits
  • paid leave
  • retirement plans
  • insurance programs
  • education and training assistance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service