Government Careers
  • Security Operations Center Analyst

  • Insight Global
  • Raleigh, North Carolina 27601 United States

*This role is on site in Raleigh/Durham NC and will need the ability to eventually obtain a security clearance*

Required Skills & Experience
  • Experience: 1-3 years of professional experience in a Security Operations Center (SOC) or in a previous security analyst role involved with detection and response.
  • Working knowledge of Splunk or similar SIEM platforms
  • Understanding of common security threats
  • Familiarity with cloud environments (AWS/Azure basics)
  • Basic understanding of networking concepts and protocols
  • Ability to read and interpret security logs
  • Strong analytical and problem-solving abilities
  • Excellent written and verbal communication skills
  • Detail-oriented with strong documentation habits
  • Team player with willingness to learn and adapt

Nice to Have Skills & Experience
  • Certifications: Security+, CySA+, or similar entry-level certifications
  • Microsoft Azure Fundamentals or AWS Cloud Practitioner
  • Prior experience in an MSSP-type setting or handling alerts for several clients
  • Experience with ticketing systems (ServiceNow, Jira, etc.)
  • Understanding of compliance frameworks
  • Experience with Kusto Query Language (KQL)

Job Description
We are seeking a dedicated Security Operations Center (SOC) Analyst to join our team in delivering robust detection and response capabilities. As a key member of our 24/7 SOC, you will be responsible for monitoring our environment, triaging security alerts, and driving the investigation process.

This role is essential to maintaining the security posture of our organization, requiring a candidate who can effectively operate within a 24/7 environment, participate in on-call rotations, and contribute to the continuous improvement of our defensive strategies.

Key Responsibilities

Security Monitoring & Alert Triage:
  • Monitor security alerts across a diverse stack, including Splunk SIEM, endpoint detection and response (Defender and Trend Micro), cloud security platforms (Wiz, AWS Security Hub, GuardDuty), data loss prevention (DLP) tools, and network telemetry.
  • Conduct initial triage and investigation of security events to determine severity and potential business impact using Splunk and integrated security tools.
  • Correlate alerts across multiple data sources to identify attack patterns, differentiate true positives from false positives, and construct comprehensive incident timelines.
  • Document investigative findings, evidence, and analysis within ticketing systems, ensuring clear and actionable details for seamless escalation.
  • Escalate validated threats and complex incidents with thorough supporting documentation.

SOC Operations
  • Collaborate in post-incident reviews to assist with the refinement of detection logic, updating of playbooks, and enhancement of response procedures.
  • Provide feedback on coverage gaps and opportunities for automation based on daily experience.
  • Support metrics collection and reporting to measure operational effectiveness.

Vulnerability Management
  • Review and validate vulnerability scans from applicable tools.
  • Track remediation efforts and coordinate with system owners.
  • Maintain awareness of the current threat landscape.

