-
Summary
We are seeking a highly skilled and innovative Security Operations Center (SOC) Analyst, Journeyman to join our team in the greater DMV area, supporting the Army National Guard.Qualifications5 years with BS/BA; 3 years with MS/MA; 0 years with PhDClearance: Active TS/SCI clearance.Candidate must meet ONE of the following:Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; ORRelevant DoD/military training (examples: 4C‑255S (CP); M03385G; M10395B; M223854; A‑531‑0451; A‑531‑4421; A‑531‑1900; Cyber Defense Analyst (Intermediate) Playlist; DISA (511) Training); ORRelevant professional certification or equivalent experience (examples: CEH(P); GMON; GRID; Cloud+; FITSP‑O; GCED; GDSA; GSEC; PenTest+; Security+).Required experience and skills:SOC, incident response, or detection engineering experience with demonstrated Tier‑2 analysis responsibilities.Proficiency with SIEM query languages and alert investigation workflows, EDR triage, IDS/IPS signature logic, and log forensics.Experience authoring and tuning detection rules/signatures, validating IOCs, and documenting reproducible investigation artifacts.Strong analytical writing for incident summaries, technical briefs, and escalation packages; ability to coordinate cross‑team remediation actions.Desired:Prior DoD/ARNG SOC or detection engineering experience and familiarity with CDAP/CHAP operational contexts.Experience with threat‑hunting techniques, detection metrics (precision/recall), SOAR integrations, and mentoring junior analysts.ResponsibilitiesPerform advanced analysis of security events escalated from Tier 1: correlate SIEM logs, IDS/IPS alerts, EDR/endpoint telemetry, network flows, and threat‑intelligence feeds to identify true incidents.Investigate suspected compromises, conduct risk assessments for access requests, and develop initial countermeasure recommendations in coordination with SOC, CIRT, and RCC‑ARNG.Author, tune, and refine detection content (SIEM rules, IDS/IPS signatures, filters) to improve fidelity and reduce alert noise.Execute deeper forensic/log analysis, reconstruct timelines, and validate detections to support escalation and remediation workflows.Document investigation steps, produce incident summaries and technical inputs for SOC reports, and maintain case evidence and tickets.Coordinate with engineering and sensor owners on tuning, deployment of detection logic, WCF/FPA policy adjustments, and monitoring enhancements.Contribute to SOC playbook updates, detection engineering backlog, and continuous improvement initiatives to enhance detection and response capabilities.#J-18808-Ljbffr
-
Job Description
We are seeking a highly skilled and innovative Security Operations Center (SOC) Analyst, Journeyman to join our team in the greater DMV area, supporting the Army National Guard.Qualifications5 years with BS/BA; 3 years with MS/MA; 0 years with PhDClearance: Active TS/SCI clearance.Candidate must meet ONE of the following:Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; ORRelevant DoD/military training (examples: 4C‑255S (CP); M03385G; M10395B; M223854; A‑531‑0451; A‑531‑4421; A‑531‑1900; Cyber Defense Analyst (Intermediate) Playlist; DISA (511) Training); ORRelevant professional certification or equivalent experience (examples: CEH(P); GMON; GRID; Cloud+; FITSP‑O; GCED; GDSA; GSEC; PenTest+; Security+).Required experience and skills:SOC, incident response, or detection engineering experience with demonstrated Tier‑2 analysis responsibilities.Proficiency with SIEM query languages and alert investigation workflows, EDR triage, IDS/IPS signature logic, and log forensics.Experience authoring and tuning detection rules/signatures, validating IOCs, and documenting reproducible investigation artifacts.Strong analytical writing for incident summaries, technical briefs, and escalation packages; ability to coordinate cross‑team remediation actions.Desired:Prior DoD/ARNG SOC or detection engineering experience and familiarity with CDAP/CHAP operational contexts.Experience with threat‑hunting techniques, detection metrics (precision/recall), SOAR integrations, and mentoring junior analysts.ResponsibilitiesPerform advanced analysis of security events escalated from Tier 1: correlate SIEM logs, IDS/IPS alerts, EDR/endpoint telemetry, network flows, and threat‑intelligence feeds to identify true incidents.Investigate suspected compromises, conduct risk assessments for access requests, and develop initial countermeasure recommendations in coordination with SOC, CIRT, and RCC‑ARNG.Author, tune, and refine detection content (SIEM rules, IDS/IPS signatures, filters) to improve fidelity and reduce alert noise.Execute deeper forensic/log analysis, reconstruct timelines, and validate detections to support escalation and remediation workflows.Document investigation steps, produce incident summaries and technical inputs for SOC reports, and maintain case evidence and tickets.Coordinate with engineering and sensor owners on tuning, deployment of detection logic, WCF/FPA policy adjustments, and monitoring enhancements.Contribute to SOC playbook updates, detection engineering backlog, and continuous improvement initiatives to enhance detection and response capabilities.#J-18808-Ljbffr
-
ABOUT THE COMPANY
-
-
Government Careers
Show moreGovernment jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
-