Tier 2 SOC Analyst
About The Position
CGI Federal is expanding its Security Operations Center (SOC) capabilities in Knoxville, TN. As cyber threats become more advanced, our analysts play a critical role in protecting federal systems and sensitive information. This opportunity is ideal for early-career to mid-level cybersecurity professionals seeking hands-on SOC experience, access to modern detection and response technologies, and a clear pathway to specializations such as threat intelligence, incident response, automation, and cloud security. Candidates will join a collaborative, mission-focused environment supported by experienced analysts and operational playbooks to ensure consistent service delivery. This position is located in our Knoxville, TN office; however, a hybrid working model is acceptable. This role requires shift work, operating on 12-hour shifts on the Panama 2-2-3 Rotation: Teams work 2 days, off 2 days, work 3 days, off 2 days, work 2 days, off 3 days.
Requirements
- A strong background in cybersecurity, information security, or information technology.
- 2-5 years SOC monitoring, incident response or threat analysis
- Understanding of network fundamentals, Windows/Linux systems and security tools
- Familiarity with SIEM, EDR/XDR or cloud security monitoring tools.
- Deep understanding of network protocols, operating systems (Windows/Linux), malware behavior, and common attack tactics (TTPs)
- Excellent verbal and written communication skills.
- Ability to remain calm and effective in a fast-paced, team-oriented environment.
- Demonstrated analytical and problem-solving skills.
- US Citizenship, with eligibility to obtain a public trust clearance.
Nice To Haves
- Proficiency at least one security tool query language (SPL, KQL, XQL)
- Proficiency in at least one programing language, such as Python or JavaScript.
- Technical Knowledge: Deep understanding of network protocols, operating systems (Windows/Linux), malware behavior, and common attack tactics (TTPs).
- Certifications such as GCIH, ECIH, or CySA+.
Responsibilities
- Monitor and triage security events using playbooks, SIEM tools, and case management systems.
- Respond to alerts, escalations, identify false positives, and escalate incidents for deeper analysis and resolution.
- Collaborate with senior analysts and subject matter experts to resolve incidents and enhance detection capabilities.
- Contribute to the creation and continuous improvement of security runbooks and operational procedures.
- Support monthly reporting and contribute to threat and trend analysis.
- Stay current with emerging threats and participate in team training initiatives to expand your technical skills.
- Gain hands-on experience across a range of security technologies including Splunk, Microsoft Sentinel, Defender, CrowdStrike, Red Hat, AWS and Azure security services, and SOAR platforms.
Benefits
- Competitive compensation
- Comprehensive insurance options
- Matching contributions through the 401(k) plan and the share purchase plan
- Paid time off for vacation, holidays, and sick time
- Paid parental leave
- Learning opportunities and tuition assistance
- Wellness and Well-being programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
