Security Operations Center Analyst

Job in Richmond, Henrico County, Virginia, 23214, USA
Listing for: TECHEAD
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 60,000 - 80,000 USD yearly
Job Description & How to Apply Below

TECHEAD is celebrating over thirty-five years of incredible heritage, talent, and accomplishments! To learn more about TECHEAD, visit us at or on Glassdoor.

Contract: 6 Months

Hybrid: 3-4 Days Onsite

Local Candidates Only

**No C2C Candidates**

RESPONSIBILITIES
  • Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from true positives.
  • Investigate incidents validating severity, scope, and potential impact.
  • Analyze attack telemetry and convert raw data into actionable threat intelligence.
  • Handle tasks aligned with Tier 1 and Tier 2 SOC Analysts following the NICE framework.
  • Collaborate with and elevate to Tier 3 analysts or senior cybersecurity staff for complex cases requiring deep forensic analysis or malware reverse engineering.
  • Leverage threat intelligence sources, such as IOCs, updated detection rules, MITRE ATT&CK, CISA advisories, and the Virginia Fusion Center, to enhance investigations and detection capabilities.
  • Assist in designing and implementing containment strategies, including host isolation, account lockdown and network segmentation.
  • Coordinate recovery efforts to securely restore systems and prevent recurrence of incidents.
  • Update and refine incident response playbooks and procedures based on postmortems, lessons learned, and emerging threats.
  • Assist in SIEM tuning and detection rule optimization to reduce false positives and improve alert fidelity.
  • Prepare detailed incident reports for internal stakeholders, ensuring clarity and completeness.
  • Thoroughly document findings within case management and ticketing systems (timestamps, artifacts, actions taken).
  • Collect and preserve evidence (logs, emails, file hashes, process trees) in accordance with standard operating procedures.
  • Track and close tickets, ensuring SLAs are met and proper handoffs occur across shifts.
  • Contribute to continuous improvement by providing feedback on alert quality and playbook enhancements to senior security staff and engineering teams.
MINIMUM QUALIFICATIONS
  • 2–5 years of experience in cybersecurity operations, incident response, or working in a SOC
  • Experience with cybersecurity tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, Duo, and Cloudflare. Experience with Active Directory, Azure AD, and ticketing systems like ServiceNow and Jira is highly desirable.
  • Strong understanding of:
    • Incident Response Lifecycle (NIST 800-61 or similar frameworks)
    • Threat intelligence and IOC correlation
    • Network protocols (TCP/IP, DNS, HTTP) and log analysis
    • Threat intelligence platforms and IOC feeds
  • Familiarity with Active Directory, Azure AD, and identity management concepts.
  • Strong knowledge of security concepts including Zero Trust architecture, Network Access Control (NAC), endpoint security, and other best practices in the cybersecurity industry.
  • Scripting knowledge using tools such as PowerShell or Python for automation and data parsing.
  • Ability to contain and remediate incidents using established playbooks and best practices.
  • Excellent documentation and communication skills for both technical and non-technical audiences.
PREFERRED QUALIFICATIONS
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
  • Industry certifications (earned or in-progress) such as:
    • CompTIA Security+, CySA+
    • GIAC certifications (GCIA, GCIH, GCFA)
    • CISSP (in-progress acceptable)
    • Microsoft certifications (SC-900, SC-200)
    • Splunk Core User or equivalent
  • Experience with:
    • SOAR automation for incident response workflows
    • Packet capture and analysis tools (e.g., Wireshark)
    • Cloud security concepts and tools (Azure, AWS)

TECHEAD's mission is to make our on-site associates successful by placing them in the right environment so they can grow and prosper. How we treat and respond to our clients and employees is a reflection of who we are and makes us stand out from the rest. Keeping our business focused on building and maintaining relationships with our employees and clients is the key to our success.

We won't strive for anything less.

TECHEAD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws governing non-discrimination in employment in every location in which the company has facilities.

This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

For more information on TECHEAD please visit