We are seeking a mid-level Tier 2 SOC Analyst to support one of our federal clients in identifying, analyzing, and responding to cybersecurity threats. As a Tier 2 Analyst, you will be responsible for conducting in-depth investigations, identifying threat patterns, and coordinating with incident response teams to ensure rapid containment and resolution of security incidents.
Role Description:
• Perform detailed analysis and triage of escalated alerts from Tier 1 analysts
• Investigate anomalies in logs and alerts using tools such as SIEM, EDR, IDS/IPS, and packet capture systems
• Correlate threat intelligence and IOCs with internal telemetry to identify malicious activity
• Assist in incident response activities: evidence collection, containment, eradication, and recovery
• Recommend improvements to detection rules and monitoring configurations
• Write detailed incident reports, root cause analyses, and recommendations for remediation
• Interface with engineering teams to help tune SOC tools and maintain security controls
• Develop playbooks and automation scripts to improve SOC efficiency
• Mentor Tier 1 analysts and provide guidance on investigation and escalation procedures
Required Qualifications & Education:
• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field from a U.S. accredited college, university, or institution
• Certifications: Security+, CySA+, CEH, or similar required; CISSP, GCIA, or GCIH preferred
• 3–5 years of experience in a cybersecurity or SOC environment
• Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar)
• Working knowledge of threat actor tactics, techniques, and procedures (TTPs)
• Proficiency in log analysis, malware behavior analysis, and packet-level inspection
• Familiarity with security frameworks such as NIST 800-53, MITRE ATT&CK, and ISO 27001
• Excellent problem-solving skills and attention to detail
Desired Qualifications
• Experience with Microsoft Sentinel, CrowdStrike Falcon, ExtraHop, or Cisco SecureX
• Scripting knowledge in Python, PowerShell, or Bash for automation and log parsing
• Familiarity with cloud security monitoring (AWS, Azure, M365)
• Experience with vulnerability scanning tools (e.g., Nessus, Tenable, Qualys)
• Experience working in or supporting federal agencies or cleared environments
Clearance and Location Requirements
• Able to obtain a Public Trust clearance
• This position requires being onsite 3 days per week in Washington, DC
We're ready to discuss your needs or dive in on your cyber defense journey. Let us know how we can help.