SOC Analyst - Tier 2 with Security Clearance

You will need to login before you can apply for a job.

Overview
To be successful in this position, you need to be collaborative and able to lead the technical mission on your shift. You should be a self-starter, completing your tasks independently while conducting quality assurance on the tasks of others. Effective teamwork is critical, as you will interface with the Government and senior staff, requiring articulate verbal and written communication of complex technical concepts in plain business language.

Summary
This role involves working in a Network Operations and Security Center (NOSC), monitoring security and health alerts across 14 networks. The ideal candidate will lead the security mission by training junior analysts, reviewing their reports, tuning detection tools, and preparing reports, presentations, and summaries for executives.

Work Schedule
The position involves 8-hour shifts on business days, with occasional on-call support during weekends (details to be discussed during the interview). Shifts include:

• 6 AM – 2 PM
• 2 PM – 10 PM
• 10 PM – 6 AM

Key Responsibilities

• Analyze and investigate escalated alerts using SIEM, EDR, IDS/IPS, and network monitoring tools.
• Perform advanced log analysis, PCAP reviews, and endpoint investigations.
• Lead incident response activities for escalated events, collaborating with Tier 3 analysts.
• Prepare incident reports and briefings for stakeholders, including senior leadership.
• Collaborate with IT teams to implement mitigation strategies.
• Mentor and guide Tier 1 analysts, including training on incident response procedures.
• Assist in tuning detection tools and developing use cases for anomaly detection.
• Maintain documentation to ensure accuracy and protocol adherence.

Required Qualifications

• Leadership: 2+ years mentoring or leading incident response efforts.
• Education: Bachelor's degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• Experience: 3–6 years in SOC or cybersecurity operations, with proven incident investigation and response skills.
• Technical Skills: Proficiency with SIEM platforms (e.g., Splunk), endpoint detection tools (e.g., CrowdStrike), network analysis tools (Wireshark, Zeek), IDS/IPS/NDR/EDR tools, log analysis, and scripting skills (Python, PowerShell, Bash).
• Certifications: DoD 8140 Cyber Incident Responder Certification (Security+, CySA+, or equivalent). Preferred: GCIH, GCFA, Cloud+, GCSA.
• Security Clearance: DoD Top Secret with SCI/SAP eligibility.
• Soft Skills: Analytical, critical thinking, excellent communication, mentorship, and teamwork abilities.

Preferred Qualifications

• Experience with forensic tools (FTK, EnCase, Volatility).
• Cloud security monitoring experience (AWS, Azure, GCP).
• Familiarity with Threat Hunting methodologies and tools.
• Participation in a DOD CSSP Inspection.