SOC Analyst

The work

The SOC Analyst is a vital member of the Security Operations Center (SOC), serving as the first line of defense against cyber threats. This role involves continuous monitoring of security systems, analyzing alerts, identifying potential incidents, and responding swiftly to mitigate risks. Analysts leverage a variety of security tools, threat intelligence, and established procedures to maintain a strong security posture. This role requires a blend of technical expertise, analytical thinking, strong communication skills, and a commitment to continuous learning.

Key Responsibilities:

• Continuous Monitoring: Actively monitoring security systems, including SIEM (Splunk), IDS/IPS (e.g., Snort, Suricata), EDR (e.g., CrowdStrike Falcon, SentinelOne), firewalls, and other security devices, for suspicious activity.
• Alert Triage and Analysis: Reviewing and analyzing security alerts, distinguishing between true threats and false positives, and prioritizing incidents based on severity.
• Incident Response: Participating in incident response activities, including incident triage, containment, eradication, and recovery, following established incident response procedures.
• Log Analysis and Correlation: Analyzing security logs from various sources to identify patterns, anomalies, and potential security incidents.
• Threat Intelligence: Utilizing threat intelligence feeds to stay informed about emerging threats and vulnerabilities and incorporating threat intelligence into security monitoring and incident response.
• Documentation and Reporting: Creating detailed reports of security incidents, documenting incident timelines, actions taken, and lessons learned.
• Security Tool Management: Assisting in configuring, maintaining, and tuning security tools.
• Compliance: Contributing to compliance efforts by adhering to relevant security policies, standards, and regulations (e.g., NIST/FISMA)
• Collaboration: Working closely with other SOC analysts, incident responders, and IT teams to ensure effective security operations.
• Continuous Learning: Staying up to date with the latest cybersecurity threats, vulnerabilities, and technologies.

Key responsibilities:

• Actively monitor SIEM, IDS/IPS, EDR, firewalls, and other security systems for suspicious activity
• Triage and analyze security alerts, identifying true threats vs. false positives
• Support incident response activities including triage, containment, eradication, and recovery
• Analyze security logs and correlate events across multiple sources
• Integrate threat intelligence into monitoring workflows and incident investigations
• Document incident details, timelines, and actions taken
• Assist in tuning, configuring, and maintaining security tools
• Support compliance initiatives aligned to NIST, FISMA, and internal policies
• Collaborate with SOC team members, incident responders, and IT operations
• Maintain awareness of emerging cyber threats, vulnerabilities, and security practices

Here’s what you need:

• Bachelor's degree in computer science, information technology, or a related field (or equivalent experience).  
• 6+ years of experience in a SOC or related security environment.
• Strong understanding of networking concepts and protocols (TCP/IP, DNS, HTTP, etc.).
• Proficiency in using SIEM tools (Splunk) – advanced to master skill in Splunk Processing Language
• Familiarity with IDS/IPS, EDR, and other security technologies.
• Knowledge of common operating systems (Windows, Linux, macOS)

Nice to have:

• Relevant certifications (Security+, CompTIA CySA+, CEH, etc.) are a plus.
• Basic to intermediate knowledge of scripting languages (Python, Bash) for automation.
• Knowledge of cloud security concepts.

Eligibility requirements:

• Must be able to obtain and maintain a Public Trust government clearance
• Ability to work shift schedules as part of a 24/7 SOC operation