Tier 2 SOC Analyst with Security Clearance

You will need to login before you can apply for a job.

They are hiring 2 people for shift work, one per shift, M–F, 1 person, and 1 person.

The position entails working in a Network Operations and Security Center (NOSC), where the team is responsible for monitoring security and health alerts for systems on 14 different networks. The ideal candidate will lead the security mission in the NOSC by providing training to junior analysts, reviewing reports written by them, tuning tools for anomalous detection, and preparing reports, presentations, and executive summaries.

1. Analyze and investigate escalated alerts from Tier 1 analysts using tools such as SIEM, EDR, IDS/IPS, and network monitoring solutions.
2. Perform advanced log analysis, PCAP review, and endpoint investigations to determine threats' nature and scope.
3. Lead incident response activities for escalated events, collaborating with Tier 3 analysts for complex or high-severity incidents.
4. Prepare detailed incident reports and deliver briefings to internal stakeholders, including senior leadership.
5. Collaborate with Tier 3 analysts, system administrators, and other IT teams to implement mitigation strategies.
6. Mentor and provide technical guidance to Tier 1 NSOC analysts, including training on incident handling and response procedures.
7. Assist in tuning detection tools and developing use cases for anomalous activity detection.
8. Develop, update, and maintain comprehensive documentation ensuring accuracy and alignment with current protocols and best practices.

• Experience as a Task Lead, Team Lead, or Shift Lead is preferred.
• DoD Top Secret Clearance with SCI/SAP eligibility is required.
• Proficiency with SIEM platforms (e.g., Splunk) and endpoint detection tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender) for 3+ years.
• Certifications such as DoD 8140 Cyber Incident Responder Certification (Security+, CySA+, or equivalent) are required.
• Preferred certifications include GCIH, GCFA, Cloud+, GCSA.
• Strong understanding of network protocols, packet analysis, and tools like Wireshark or Zeek.
• Experience with IDS/IPS/NDR/EDR tools (e.g., Snort, Suricata, Bricata).
• Ability to analyze logs, correlate data, and detect adversary TTPs.
• Familiarity with threat intelligence frameworks like MITRE ATT&CK, Cyber Kill Chain, and IOC analysis.
• Basic scripting or automation skills (e.g., Python, PowerShell, Bash).