Cybersecurity / SOC Analyst

Position Summary

We are seeking a highly skilled Cybersecurity/SOC Analyst to support mission-critical cybersecurity operations for an IC customer. This position supports 24x7x365 Computer Network Defense (CND), threat monitoring, incident response, and cyber threat analysis activities within a classified enterprise environment.

The ideal candidate will possess experience supporting Security Operations Center (SOC) operations, advanced threat detection, and incident response functions within government or national security environments. Candidates should have a strong understanding of cyber adversary tactics, techniques, and procedures (TTPs), threat actor methodologies, malware analysis, and enterprise security monitoring technologies.

This role requires the ability to analyze complex security events, investigate anomalous activity, and coordinate rapid response actions to protect sensitive government systems and networks.

Key Responsibilities

• Provide continuous 24x7x365 monitoring, analysis, and response support for enterprise cyber defense operations.
• Conduct Computer Network Defense (CND) activities in support of Intelligence Community (IC) mission requirements.
• Monitor, analyze, triage, and respond to security events and cyber threats targeting enterprise infrastructure, networks, and endpoints.
• Perform incident handling, malware analysis, and threat investigations utilizing tools including Splunk Enterprise Security (ES), CrowdStrike Falcon, Tanium, and enterprise eDiscovery platforms.
• Validate security alerts through real-time log analysis and correlation to determine true positive incidents and initiate containment procedures.
• Escalate and document incidents in accordance with established SOC/CDOC operational procedures and federal reporting requirements.
• Analyze NetFlow data, packet captures (PCAP), DNS activity, and network traffic patterns to identify indicators of compromise (IOCs) and malicious behavior.
• Conduct intrusion analysis and support advanced threat detection efforts involving nation-state and advanced persistent threat (APT) actors.
• Track incidents and investigative activities within Security Operations Center workflows and ticket management systems.
• Develop and maintain detailed incident reports, threat summaries, and operational documentation for leadership and cybersecurity stakeholders.
• Collaborate with cyber defense, engineering, and intelligence teams to identify vulnerabilities and improve enterprise security posture.
• Assist with vulnerability assessments, remediation efforts, and implementation of defensive security measures.
• Support continuous monitoring initiatives and evaluate effectiveness of enterprise-wide information security controls.
• Maintain awareness of emerging cyber threats, Intelligence Community security directives, and evolving adversarial TTPs.

Required Qualifications

• Active TS/SCI or Q/SCI clearance required.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field; equivalent operational experience may be substituted.
• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD., 12 years with a HS Diploma
• 5+ years of experience supporting Security Operations Center (SOC), Computer Network Defense (CND), or cyber operations environments.
• Hands-on experience with:
• Splunk Enterprise Security (ES)
• CrowdStrike Falcon
• Tanium
• SIEM and log aggregation platforms
• Endpoint Detection and Response (EDR) tools
• Security ticketing and workflow management systems
• Experience performing:
• Incident response
• Threat hunting
• Malware analysis
• Alert triage and escalation
• Log correlation and forensic analysis
• Strong understanding of:
• TCP/IP protocol suite
• DNS
• Routing and switching concepts
• Network security architecture
• Remote access security technologies
• Enterprise security monitoring
• Experience analyzing:
• NetFlow data
• Packet captures (PCAP)
• Security event logs
• Indicators of compromise (IOCs)
• Knowledge of:
• MITRE ATT&CK framework
• Threat actors and adversary campaigns
• Cyber kill chain methodologies
• Intelligence Community cybersecurity operations
• Ability to communicate technical findings clearly through written reports and verbal briefings.

Preferred Qualifications

• Prior experience supporting Intelligence Community (IC), Department of Defense (DoD), or other Federal Government cybersecurity programs.
• Familiarity with CDOC/SOC operational environments and federal cybersecurity compliance frameworks.
• Experience with classified network environments and cross-domain security operations.
• Industry certifications such as:
• CompTIA Security+
• CySA+
• CEH
• GCIH
• GCIA
• CISSP
• Knowledge of:
• NIST 800-series publications
• RMF (Risk Management Framework)
• Continuous Diagnostics and Mitigation (CDM)
• Cyber threat intelligence analysis

#cboss