Senior SOC Analyst

Overview

The Senior SOC Analyst is a key member of a 24/7/365 Security Operations Center, serving as the escalation point for advanced investigations, incident response, and proactive threat hunting. This role conducts higher-level analysis than other analysts on the team, performing deep forensic investigations, correlating multi-source threat intelligence, and guiding containment and remediation strategies. The Senior SOC Analyst identifies and mitigates advanced threats across enterprise IT endpoints, cloud environments, and OT systems, and leverages frameworks such as MITRE ATT&CK to detect, disrupt, and prevent malicious activity across enterprise environments.

This position works closely with SOC leadership to mentor junior staff, refine processes, and maintain a strong cybersecurity posture. Collaboration with engineers, threat intelligence, and forensics teams is essential to enhance detection capabilities, improve incident response readiness, and deliver actionable insights to leadership.

• Lead advanced incident detection, investigation, and analysis efforts. Correlate SIEM, EDR, IDS/IPS, and firewall data to identify and analyze potential incidents.
• Perform deep-dive investigations to determine root cause, scope, and impact of incidents.
• Apply MITRE ATT&CK and similar frameworks to identify adversary tactics, techniques, and procedures (TTPs).
• Conduct kill-chain and supply chain analysis to understand and counter threats.
• Coordinate and direct complex incident response activities, including identification, containment, eradication, and recovery actions.
• Serve as the primary escalation point for high-impact or advanced incidents.
• Conduct proactive threat hunting to identify emerging risks and undiscovered vulnerabilities.
• Analyze telemetry, logs, and behavioral patterns for indicators of compromise or attack.
• Use advanced queries in cybersecurity tools to detect anomalous or suspicious activity.
• Ensure proper forensic collection, preservation, and analysis of digital evidence in collaboration with forensics teams.
• Extract and analyze relevant artifacts to support investigations and post-incident reviews. Develop and enhance SOC processes, playbooks, and detection capabilities.
• Refine detection rules, alert thresholds, and automation workflows in SIEM/SOAR and other tools.
• Create SOPs, knowledge base articles, and training materials for SOC staff.
• Perform threat intelligence collection, analysis, and dissemination using internal and open-source feeds.
• Produce actionable intelligence and share relevant threat information with leadership and partner teams.
• Mentor and train SOC analysts to improve investigative and analytical skills.
• Provide real-time guidance during active incidents. Conduct training sessions, tabletop exercises, and red/blue team drills.
• Collaborate with stakeholders to strengthen the overall cybersecurity posture. Work with IT, cloud, and engineering teams to address vulnerabilities and improve defenses.
• Participate in tool evaluations and recommend solutions to enhance SOC capabilities.
• Maintain documentation and reporting for SOC operations, including incident timelines, reports, and post-mortem summaries.
• Provide executive-level briefings on security events and SOC performance.

Education: Master’s degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science from an accredited institution fulfills the educational requirement.

Experience: Minimum of eight (8) years of experience in Information Technology (IT) or Information Security (IS). This includes any combination of relevant experience from the areas above, not eight years for each.

Certifications: Must hold at least one DoD 8140/8570-compliant certification or be able to obtain one within six (6) months of hire. Certification must be maintained during employment.

Clearance: Must hold an active Secret clearance or higher and be eligible for Top Secret if required.

Additional experience may substitute for education, and vice versa: 1.5 years of relevant experience = 1 year of education. High school diploma = +3 years’ experience to reach an associate degree. Associate degree = +6 years’ experience to reach a master’s degree. Relevant DoD 8140 intermediate or advanced certifications may count as 1.5 years of experience.

Cyber Defense Analyst (Advanced)

Certifications:

CBROPS, CFR CompTIA:
CySA+, Security+ CE, CASP+ CE; FITSP-O; SANS: GCFA, GCIA, GDSA, GICSP;
Cisco: CCNA Security, CCNP Security; CISSP (or Associate), CCSP; CISA, SSCP, CND. Personnel in this role may also serve as subject matter experts (SMEs) or provide guidance and recommendations in accordance with industry best practices, federal cybersecurity standards, and applicable regulations. This position requires expertise across multiple cybersecurity domains, including security architecture and design, vulnerability analysis and…