SOC Analyst

Expression•Washington, DC

7d•Onsite

About The Position

Expression is seeking a SOC Analyst to join our team in support of the National Telecommunications and Information Administration (NTIA) ISCOM Division. In this role, you will provide cyber threat monitoring, analysis, and incident response support that strengthens program situational awareness and ensures resilience of critical federal networks. You will support Tier 1 and Tier 2 SOC operations, contribute to SOC playbook development, and help mature cyber defense strategies in a mission-focused environment.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field; OR equivalent certifications (CompTIA Security+, CISSP, GCIH, GCIA).
Minimum of 4 years of experience in security operations, incident response, or cyber threat analysis.
Strong knowledge of SOC operations, incident detection, and response workflows.
Familiarity with malware analysis, network forensics, and packet-level inspection.
Excellent analytical, problem-solving, and communication skills.
Active Secret or Top Secret clearance required (U.S. Citizenship required)

Nice To Haves

Advanced certifications such as CISSP, GCFA, GCIH, GCIA, or equivalent.
Prior experience supporting NTIA, Department of Commerce, or other federal civilian agencies.
Hands-on experience with SIEM platforms, IDS/IPS, and endpoint monitoring tools.
Familiarity with the NIST Cybersecurity Framework and Risk Management Framework (RMF).
Experience developing and maturing SOC playbooks, processes, and detection capabilities.

Responsibilities

Monitor, detect, and analyze security threats, risks, and alerts using SOC tools, and initiate escalation as required.
Conduct cyber threat analysis and contribute to reports for program situational awareness.
Provide Tier 1 response to security incidents and support escalation to Tier 2 during high-volume or critical events.
Conduct functional incident response teams during shifts, ensuring accountability and effective resolution.
Conduct malware analysis (static and dynamic) and assess Indicators of Compromise (IOCs).
Perform network forensics and deep packet inspection to investigate intrusions.
Implement remediation strategies and support recovery activities after incidents.
Recommend process improvements and create new detection content to strengthen SOC operations.
Conduct proactive monthly threat hunts and provide reports to stakeholders.
Collaborate with cyber teams for incident escalation, coordinated responses, and SOC policy/procedure development.