We are seeking a mid-level Tier 2 SOC Analyst to support one of our federal clients in identifying, analyzing, and responding to cybersecurity threats. As a Tier 2 Analyst, you will be responsible for conducting in-depth investigations, identifying threat patterns, and coordinating with incident response teams to ensure rapid containment and resolution of security incidents.
Role Description:
- Perform detailed analysis and triage of escalated alerts from Tier 1 analysts
- Investigate anomalies in logs and alerts using tools such as SIEM, EDR, IDS/IPS, and packet capture systems
- Correlate threat intelligence and IOCs with internal telemetry to identify malicious activity
- Assist in incident response activities: evidence collection, containment, eradication, and recovery
- Recommend improvements to detection rules and monitoring configurations
- Write detailed incident reports, root cause analyses, and recommendations for remediation
- Interface with engineering teams to help tune SOC tools and maintain security controls
- Develop playbooks and automation scripts to improve SOC efficiency
- Mentor Tier 1 analysts and provide guidance on investigation and escalation procedures
Required Qualifications & Education:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field from a U.S. accredited college, university, or institution
- Certifications: Security+, CySA+, CEH, or similar required; CISSP, GCIA, or GCIH preferred
- 3–5 years of experience in a cybersecurity or SOC environment
- Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar)
- Working knowledge of threat actor tactics, techniques, and procedures (TTPs)
- Proficiency in log analysis, malware behavior analysis, and packet-level inspection
- Familiarity with security frameworks such as NIST 800-53, MITRE ATT&CK, and ISO 27001
- Excellent problem-solving skills and attention to detail
Desired Qualifications:
- Experience with Microsoft Sentinel, CrowdStrike Falcon, ExtraHop, or Cisco SecureX
- Scripting knowledge in Python, PowerShell, or Bash for automation and log parsing
- Familiarity with cloud security monitoring (AWS, Azure, M365)
- Experience with vulnerability scanning tools (e.g., Nessus, Tenable, Qualys)
- Experience working in or supporting federal agencies or cleared environments
Clearance and Location Requirements:
- Able to be cleared for a Public Trust clearance.
- This position requires working onsite 3 days per week in Washington, DC.