SOC Analyst

About the role

We are seeking a proactive and detail-oriented Security Operations Center (SOC) Analyst to join our team enhance our cybersecurity operations. As a SOC Analyst, you will monitor, detect, and respond to cybersecurity threats and incidents across critical federal government mission systems and networks. You will work in a fast-paced environment as part of a team dedicated to maintaining the highest levels of security for critical government missions. Your role will include analyzing security event data, escalating potential threats, and contributing to continuous security improvements.

What you'll do

• Monitor security information and event management (SIEM) systems for alerts, anomalies, and incidents.
• Conduct real-time threat analysis and triage security events to determine their impact and urgency.
• Investigate and respond to security incidents by following established procedures and playbooks.
• Analyze and report on vulnerabilities using Tenable SecurityCenter and similar tools.
• Help collect and integrate data from disconnected mission system environments to develop centralized visibility.
• Perform log analysis and review data from various tools, including intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection solutions.
• Provide detailed incident reports and recommend mitigation strategies to reduce future risk.
• Assist in the tuning and optimization of SOC tools and technologies to enhance detection capabilities.
• Participate in red/blue team exercises and simulations to improve SOC readiness.
• Support compliance and audit activities by maintaining incident response logs and reports.
• Stay current with the latest cybersecurity trends, tools, and techniques to ensure an effective response to evolving threats.

Qualifications

• Proficiency in vulnerability and endpoint management tools such as Tenable SecurityCenter/Nessus, AppScan, BigFix, and Trellix ePolicy Orchestrator.
• Familiarity with SIEM tools such as Tripwire Log Center, Splunk, ArcSight, QRadar, or similar platforms.
• Experience with endpoint detection and response (EDR) solutions and vulnerability scanning tools.
• Knowledge of incident response frameworks and procedures.
• Hands-on experience with scripting and/or automating data review, analysis, and reporting using Python or similar languages and databases.
• Experience supporting new federal government directives such as CISA Binding Operational Directives (BOD) and Emergency Directives (ED).
• Knowledge of intrusion detection and prevention systems, firewalls, and other network security technologies.
• Experience with Jira, Confluence, and other workflow, project management, collaboration, and system administration/monitoring tools.
• Strong understanding of federal cybersecurity compliance frameworks, such as FISMA, RMF, or NIST 800-53.
• Knowledge of operational challenges in complex or isolated networks.
• Strong analytical skills and the ability to interpret complex technical data.
• Excellent written and verbal communication skills for reporting and collaboration.
• Experience working in federal government environments, especially NOAA or similar mission-oriented, scientific, or space-based programs, is highly preferred.
• Familiarity with cloud security frameworks (AWS, Azure, or other platforms) is preferred.

Education and Experience

• BS in Cybersecurity, Computer Science, Engineering, related disciplines or equivalent.
• 6+ years of experience in a SOC environment or similar cybersecurity role.
• At least one relevant security or incident response certification from ISC2, ISACA, CompTIA, or GIAC such as CISSP, GCIH, CEH, or Security+.

Must be a U.S. Citizen or Permanent Resident who has lived in the United States for at least 3 of the last 5 years and be able to pass a background investigation to obtain a security badge to access applicable government facilities and systems.