Sr Security Ops Analyst
Fargo, Cass County, North Dakota, 58126, USA
Listed on 2026-02-19
IT/Tech
Cybersecurity, Security Manager
* Position is Eligible for Remote / Work from Home Opportunity*
Department:
Systems Security
Telecommuting Eligible:
Yes
Job Grade: E13
As a condition of employment physical work location must be in one of the 50 states or the District of Columbia. Notice of Collection & Privacy Policy for Applicants Residing in California:
California Applicant Privacy Policy | Noridian
Senior Security Operations Analyst
Job Summary:
Security Operations Analysts are responsible for monitoring, detecting, and responding to cybersecurity threats and incidents across the enterprise. They perform threat analysis, incident response, and proactive threat hunting while ensuring compliance with Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) 5.1, National Institute of Standards and Technology (NIST) SP 800-53, and Federal Information Security Modernization Act (FISMA) requirements. The team works to continuously improve security processes, tools, and automation, with a focus on advanced monitoring, containment, and remediation activities.
Essential Functions (Key Duties/Responsibilities/Accountabilities):
- Serves as incident commander for high-severity incidents, coordinating with internal and external stakeholders.
- Monitors network, host, and application alerts for indicators of compromise or policy violations.
- Leads root cause analysis (RCA), post-incident reviews, and report preparation for management and regulatory bodies.
- Researches and classifies software patch updates.
- Creates and updates incident tickets in accordance with defined SLAs and escalation procedures.
- Participates in continuous monitoring operations, including log correlation and alert tuning.
- Maintains detailed documentation of all alerts, investigations, and response activities.
- Supports daily and weekly reporting of security operations metrics and trends.
- Adheres to established playbooks and incident handling procedures.
- As assigned, provides after-hours support by responding to and assisting with incidents as part of an on-call or escalation rotation.
- Conducts advanced analysis and correlation of events across multiple data sources (endpoint, network, identity, and cloud).
- Performs threat hunting activities leveraging MITRE ATT&CK and other intelligence frameworks.
- Leads containment and eradication steps for medium-severity incidents.
- Develops advanced detection logic and tuning strategies for SIEM and Security Orchestration, Automation, and Response (SOAR) platforms.
- Mentors and trains Security Operations Analysts I & II, promoting consistent analysis and response standards.
- Collaborates with Threat Intelligence, GRC, and Engineering to integrate new data sources and controls into the security operations ecosystem.
- Develops and maintains incident response and threat hunting playbooks mapped to MITRE ATT&CK.
- Contributes to strategic initiatives such as SOC automation, security metrics, and maturity assessments.
- Reviews and approves SOC documentation, workflows, and new use case development.
- Acts as primary technical liaison during external audits, penetration tests, and tabletop exercises.
- Stays informed on emerging threats, vulnerabilities, and technologies; recommends process or tool enhancements.
- Coordinates with IT and Security Engineering for incident response, remediation, and lessons learned.
- Develops and refines security operations use cases and detection rules to reduce false positives and improve alert quality.
- Maintains and improves security operations playbooks, runbooks, and standard operating procedures.
- Conducts quality review of Analyst I investigations and provides coaching and feedback.
- Contributes to weekly threat reports, metrics, and situational awareness briefings.
- Participates in vulnerability management reviews and validation scans.
- Collaborates with the Governance, Risk, and Compliance (GRC) team to support compliance evidence collection related to continuous monitoring controls.
- Other duties as assigned.
Minimum Qualifications:
- Bachelor's degree in Information Technology, Cybersecurity, or a related field, OR equivalent work experience as determined by Human Resources.
- 7 years of progressive experience in security operations, threat detection, and incident response.
- Demonstrated leadership experience in a SOC or incident response function.
- Expert knowledge of SIEM/EDR tools, threat intelligence feeds, and forensic techniques.
- Understanding of NIST SP 800-61 (Computer Security Incident Handling Guide), NIST SP 800-53 (Security and Privacy Controls), and Federal Information Security Modernization Act (FISMA) requirements.
- Excellent communication skills with the ability to brief executives and technical teams.
- Demonstrated experience mentoring junior IT security professionals.
Preferred Qualifications:
- 9 years of experience in security operations, threat detection, or incident response.
- Master's degree.
- GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or equivalent…