Tier 3 SOC Analyst
About The Position
CGI Federal is strengthening its Security Operations Center (SOC) in Knoxville, TN, responding to the increasingly sophisticated landscape of cyber threats. Our analysts are at the forefront of safeguarding federal systems and sensitive data, making their contributions essential to our operations. For senior-level cybersecurity professionals eager to gain practical SOC experience, this role presents an exceptional opportunity. You'll have direct access to state-of-the-art detection and response technologies, along with a clear path toward specialization in areas such as threat intelligence, incident response, automation, and cloud security. Joining our team means becoming part of a collaborative, mission-driven environment. You'll work alongside seasoned analysts and benefit from comprehensive operational playbooks, ensuring consistency and excellence in service delivery. This setting not only fosters professional growth but also empowers you to make a meaningful impact in the realm of cybersecurity. This position is located in our Knoxville, TN office; however, a hybrid working model is acceptable. This role does not require shift work but requires on call supporting 24x7x365 operations.
Requirements
- A strong background in cybersecurity, information security, or information technology.
- 5=+ years SOC monitoring, incident response or threat analysis
- BA/BS or equivalent SOC experience (5+ years)
- Deep understanding of network fundamentals, Windows/Linux systems and security tools
- High proficiency with the use SIEM, EDR/XDR, cloud security monitoring tools.
- Deep understanding of network protocols, operating systems (Windows/Linux), malware behavior, and common attack tactics (TTPs)
- Previous experience performing Forensics collections.
- Excellent verbal and written communication skills.
- Ability to remain calm and effective in a fast-paced, team-oriented environment.
- Demonstrated analytical and problem-solving skills.
- US Citizenship, with eligibility to obtain a public trust clearance.
Nice To Haves
- Proficiency at least one security tool query language (SPL, KQL, XQL)
- Proficiency in at least one programing language, such as Python or JavaScript.
- Certifications such as CISSP, Security+, GCIH, ECIH, or CySA+.
Responsibilities
- Monitor, analyze, and triage security events and alerts generated by the client's SIEM in a 24x7x365 SOC environment
- Perform advanced incident response activities, including investigation, containment, eradication, and recovery
- Experienced with Forensic, collections, and investigation
- Conduct deep-dive analysis of security alerts to identify malicious activity and potential threats
- Analyze logs and data from various sources including firewalls, IDS/IPS, endpoints, and network devices
- Leverage tools such as Splunk, Tanium, Trellix (McAfee ePO), Zscaler, Microsoft Defender, and FireEye for threat detection and response
- Escalate and coordinate incidents as appropriate, providing detailed documentation and reporting
- Support continuous improvement of SOC processes, detection use cases, and response procedures
- Maintain awareness of emerging threats, vulnerabilities, and attack vectors
Benefits
- Competitive compensation
- Comprehensive insurance options
- Matching contributions through the 401(k) plan and the share purchase plan
- Paid time off for vacation, holidays, and sick time
- Paid parental leave
- Learning opportunities and tuition assistance
- Wellness and Well-being programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
