
Tier 2 SOC Analyst

ShorePoint

Washington (District of Columbia)

On-site

USD 85,000 - 120,000

Full time

6 days ago

Job summary

ShorePoint seeks a Tier 2 SOC Analyst with hands-on experience in incident investigation and threat detection. The role involves analyzing security events escalated by Tier 1 analysts, performing threat hunting and log correlation in SIEM platforms, and improving detection capabilities as part of a dedicated SOC team. Candidates need a relevant bachelor's degree, 3+ years of experience and a Security+ (or equivalent) certification; a comprehensive benefits package is offered.

Benefits

18 days of PTO
11 holidays
80% of insurance premium covered
401k
Continued education reimbursement

Qualifications

  • 3+ years of relevant experience in cybersecurity.
  • Security+ certification or equivalent.
  • Proven ability to analyze complex requirements.

Responsibilities

  • Analyze escalated security events from Tier 1 analysts.
  • Perform threat hunting and log correlation using SIEM platforms.
  • Assist with incident response activities.

Skills

Analytical skills
Incident investigation
Threat detection
Communication

Education

Bachelor’s degree in Cybersecurity or related field

Tools

SIEM tools (e.g., Splunk, QRadar)
EDR platforms (e.g., CrowdStrike)
Packet analysis tools (e.g., Wireshark)

Job description

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to each individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including health care coverage through major carriers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certification maintenance and reimbursement, etc.

Who we’re looking for:

We are seeking a Tier 2 SOC Analyst, with strong analytical skills and hands-on experience in incident investigation and threat detection, for a potential opportunity. The ideal candidate will support cybersecurity response efforts by analyzing escalated events and applying threat intelligence to improve situational awareness. The Tier 2 SOC Analyst is responsible for performing log correlation, threat hunting and forensic analysis in support of an evolving federal cybersecurity mission. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market. Employment for this position is dependent on the successful award of the contract.

What you’ll be doing:

  • Analyze and investigate escalated security events from Tier 1 analysts, including anomalous user behavior, malware infections and network intrusions.
  • Perform threat hunting and log correlation using SIEM platforms (e.g., Splunk, QRadar, ELK, ArcSight).
  • Assist with incident response activities, including containment, eradication and recovery under the direction of senior analysts or incident handlers.
  • Conduct root cause analysis on confirmed incidents and recommend preventive actions.
  • Develop and update SOC playbooks, detection rules and procedures for common security events.
  • Monitor threat intelligence feeds and apply relevant indicators to ongoing investigations.
  • Participate in vulnerability and threat assessments and recommend improvements to detection capabilities.
  • Work with engineering teams to tune detection rules, integrate new log sources and improve SOC visibility.
  • Document analysis steps, timelines and technical findings in support of incident response and reporting.
  • Maintain compliance with government cybersecurity policies and assist with audit preparation.

What you need to know:

  • Hands-on experience with one or more SIEM tools (e.g., Splunk, QRadar, ArcSight).
  • Solid understanding of network protocols (TCP/IP, DNS, HTTP/S) and operating system logs (Windows/Linux).
  • Experience with intrusion detection systems (IDS/IPS), endpoint detection and response (EDR) or packet capture tools.
  • Familiarity with incident handling and investigation procedures.
  • Knowledge of threat actor tactics, techniques and procedures (TTPs) and frameworks like MITRE ATT&CK.
  • Strong communication and technical writing skills for reporting and documentation.

Must haves:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
  • 3+ years of relevant experience.
  • Security+ certification (CompTIA) or equivalent (e.g., SSCP, GSEC, CySA+).
  • Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
  • Must be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Beneficial to have:

  • Experience supporting federal cybersecurity programs or working in a compliance-driven environment.
  • Familiarity with FISMA, NIST 800-53, DISA STIGs and other government cybersecurity standards.
  • Experience with malware analysis, scripting (Python, PowerShell) or packet analysis tools (e.g., Wireshark).
  • Hands-on experience with EDR platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint).
  • Incident response training or certifications (e.g., GCIA, GCIH, ECIH or similar).

Where it’s done:

  • Onsite (Washington, D.C. or Fort Worth, TX).
  • This position may require participation in a rotating shift schedule or on-call support.