CBO - Tier 3 SOC Analyst
About The Position
cFocus Software is seeking a Tier 3 SOC Analyst to join their program supporting the Congressional Budget Office (CBO). This is a remote position that requires an active Public Trust clearance. The role involves leading investigations for complex and high-severity security incidents, performing advanced threat hunting, conducting digital forensics, and optimizing detection rules. The analyst will also be responsible for overseeing incident lifecycle management, improving SOC playbooks, mentoring junior analysts, identifying security control gaps, and supporting red/purple team exercises. The position requires expertise in incident response, threat hunting, detection engineering, and a deep understanding of various security tools and frameworks.
Requirements
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of SOC Analyst experience
- Expert knowledge of incident response, threat hunting, and detection engineering
- Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools
- Strong understanding of MITRE ATT&CK framework and adversary tactics
- Experience with digital forensics and malware analysis techniques
- Ability to analyze logs across identity, endpoint, network, and cloud environments
- Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools
- Experience with KQL (Kusto Query Language) and advanced correlation analysis
- Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
- Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks)
- Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075)
- Experience leading incident response engagements and reporting to leadership
Nice To Haves
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Responsibilities
- Lead investigation and response for complex and high-severity security incidents
- Perform advanced threat hunting using Microsoft Sentinel and Defender platforms
- Conduct digital forensics, malware analysis, and root cause analysis (RCA)
- Develop, tune, and optimize detection rules, analytics, and correlation logic
- Map detections and activities to MITRE ATT&CK framework
- Oversee incident lifecycle management (detection through containment, eradication, and recovery)
- Support and improve SOC playbooks, automation workflows, and response procedures
- Provide mentorship and guidance to Tier I and Tier II analysts
- Identify security control gaps and recommend remediation strategies
- Support red team, purple team, and adversary emulation exercises
- Contribute to incident reports, quarterly threat reviews, and executive briefings
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Number of Employees
1-10 employees
