Security Operations Center; Soc Analyst, Journeyman

We are seeking a highly skilled and innovative Security Operations Center (SOC) Analyst, Journeyman to join our team in the greater DMV area, supporting the Army National Guard.

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Clearance:
  Active TS/SCI clearance.
• Candidate must meet ONE of the following:
  • Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
  • Relevant DoD/military training (examples: 4C‑255S (CP); M03385G; M10395B; M223854; A‑531‑0451; A‑531‑4421; A‑531‑1900;
    Cyber Defense Analyst (Intermediate) Playlist; DISA (511) Training); OR
  • Relevant professional certification or equivalent experience (examples: CEH(P); GMON; GRID; Cloud+; FITSP‑O; GCED; GDSA; GSEC; Pen Test+; Security+).
• Required experience and skills:
  • SOC, incident response, or detection engineering experience with demonstrated Tier‑2 analysis responsibilities.
  • Proficiency with SIEM query languages and alert investigation workflows, EDR triage, IDS/IPS signature logic, and log forensics.
  • Experience authoring and tuning detection rules/signatures, validating IOCs, and documenting reproducible investigation artifacts.
  • Strong analytical writing for incident summaries, technical briefs, and escalation packages; ability to coordinate cross‑team remediation actions.
• Desired:
  • Prior DoD/ARNG SOC or detection engineering experience and familiarity with CDAP/CHAP operational contexts.
  • Experience with threat‑hunting techniques, detection metrics (precision/recall), SOAR integrations, and mentoring junior analysts.

• Perform advanced analysis of security events escalated from Tier 1: correlate SIEM logs, IDS/IPS alerts, EDR/endpoint telemetry, network flows, and threat‑intelligence feeds to identify true incidents.
• Investigate suspected compromises, conduct risk assessments for access requests, and develop initial countermeasure recommendations in coordination with SOC, CIRT, and RCC‑ARNG.
• Author, tune, and refine detection content (SIEM rules, IDS/IPS signatures, filters) to improve fidelity and reduce alert noise.
• Execute deeper forensic/log analysis, reconstruct timelines, and validate detections to support escalation and remediation workflows.
• Document investigation steps, produce incident summaries and technical inputs for SOC reports, and maintain case evidence and tickets.
• Coordinate with engineering and sensor owners on tuning, deployment of detection logic, WCF/FPA policy adjustments, and monitoring enhancements.
• Contribute to SOC playbook updates, detection engineering backlog, and continuous improvement initiatives to enhance detection and response capabilities.