Security Operation Center; SOC Analyst II
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Network Security, Information Security
Security Operation Center (SOC) Analyst II
REQ: 25-J-0266
Security Analyst’s primary function is to provide comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. This position will conduct security event monitoring, advanced analytics and response activities in support of the government’s mission. The role requires a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables and familiarity with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
The analyst will support activities within Special Access Programs (SAPs) for Department of Defense (DoD) agencies such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments, providing day‑to‑day support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) activities.
- Strong analytical and technical skills in computer network defense operations, leading Incident Handling (Detection, Analysis, Triage), Hunting, and Malware Analysis.
- Analyze security events to discern legitimate incidents from non‑incidents, including triage, investigation, countermeasure implementation, and incident response.
- Hands‑on experience with SIEM platforms and/or log management systems that perform collection, analysis, correlation, and alerting.
- Logical and critical thinking skills, especially analyzing security events (Windows event logs, network traffic, IDS events for malicious intent).
- Excellent organizational and detail‑oriented tracking of activities within various Security Operation workflows.
- Working knowledge of common operating systems (Windows, OS X, Linux), conceptual understanding of Windows Active Directory, networking protocols (TCP, UDP, ICMP, BGP, MPLS), and internet applications and standards (SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
- Experience identifying and implementing countermeasures or mitigating controls for deployment in the enterprise network.
- Experience with at least one of the following technologies:
Network Threat Hunting, Big Data Analytics, Endpoint Threat Detection and Response, SIEM workflow and ticketing, Intrusion Detection System.
- 5–7 years of directly related experience.
- Prior performance in roles such as ISSO or ISSM (must be articulated on resume).
- Bachelor’s degree in a related field or equivalent experience (minimum 4 years).
- Must meet DoD Directive 8570.01‑M requirements for Information Assurance Technician Level 2, Information Assurance Manager Level 2, CND Auditor, or Incident Responder certification within 6 months of hire.
- Top Secret w/SCI Eligibility.
- Current clearance as defined in the Task Order.
- Eligibility for access to Special Access Program Information.
- Willingness to submit to a Counterintelligence polygraph.
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection.
- Research Emerging Threats and recommend monitoring content within security tools.
- Experience analyzing Net Flow data and packet capture (PCAP).
- Robust knowledge of attack methodologies, tactics, protocols, and security architecture, including DNS and remote access security techniques and products.
- Technical experience with IDS/IPS, firewalls, log analysis, SIEM, network behavior analysis tools, antivirus, network packet analyzers, digital forensics tools, and cyber incident response activities in an enterprise environment.
Competitive compensation package including generous PTO, flexible holidays, tax‑free healthcare cost reimbursement, and an immediate vesting 401(k) with 4% matching.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).