Incident Responder - SOC Analysts

Incident Responder / SOC Analyst

Richmond, VA (ONSITE 3-4 days / week)

ONGOING, Long Term Contract (Auto renew every 6 months)

An organization is seeking a skilled Incident Responder / SOC Analyst to support and enhance its cybersecurity operations. This role plays a critical part in protecting the confidentiality, integrity, and availability of sensitive systems and data.

The analyst will investigate cybersecurity threats, respond to incidents, and strengthen ongoing detection and response capabilities. Responsibilities align with Tier 1 and Tier 2 SOC functions under the NICE framework.

Key Responsibilities

Monitoring & Detection

• Monitor and triage alerts from SIEM, EDR, and NDR tools to identify and validate true security events.
• Conduct incident investigations, assessing severity, scope, and impact .
• Analyze attack telemetry and convert raw data into actionable threat intelligence.

Incident Response & Containment

• Coordinate with senior cybersecurity staff or advanced analysts on complex investigations requiring deeper forensic analysis or malware reverse engineering.
• Utilize threat intelligence sources—IOCs, updated detections, frameworks like MITRE ATT&CK , and relevant advisories—to strengthen detection capabilities.
• Assist in designing and implementing containment strategies, including device isolation, account lockdown, and segmentation.
• Support recovery activities to restore systems securely and prevent recurrence.

Operational Excellence

• Update and refine incident response playbooks, procedures, and documentation based on lessons learned.
• Assist with SIEM tuning , detection rule optimization, and reduction of false positives.
• Prepare detailed incident reports for stakeholders, ensuring clarity and completeness.
• Thoroughly document investigation steps, evidence, timestamps, and actions taken in case management systems.
• Collect and preserve digital evidence according to standard operating procedures.
• Manage ticketing workflows, ensuring SLA compliance and effective handoff between shifts.
• Collaborate with leadership and engineering teams to improve alert quality and operational efficiency.

Minimum Qualifications

Candidates must meet the following essential requirements:

• 2–5 years of experience in cybersecurity operations, incident response, or a SOC environment.
• Strong understanding of:
  • Incident Response Lifecycle (e.g., NIST 800-61)
  • Threat intelligence & IOC correlation
  • Network protocols (TCP/IP, DNS, and log analysis
• Proficiency with:
  • SIEM platforms (Splunk, QRadar, Microsoft Sentinel, etc.)
  • EDR tools (CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.)
  • Threat intelligence platforms and IOC feeds
• Familiarity with incident handling concepts and identity management (Active Directory, Azure AD).
• Scripting experience using PowerShell or Python for automation and data parsing.
• Ability to contain and remediate incidents using established playbooks.
• Strong communication and documentation skills for technical and non-technical audiences.

Preferred Qualifications

These skills and credentials are not required but are highly desirable:

Education

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field.

Certifications (earned or in progress)

• CompTIA Security+ , CySA+
• GIAC certifications (e.g., GCIA, GCIH, GCFA )
• CISSP (in progress acceptable)
• Microsoft security certifications ( SC-900, SC-200)
• Splunk Core User or equivalent

Additional Experience

• SOAR automation for incident response workflows
• Packet capture and analysis (e.g., Wireshark )
• Cloud security concepts and tooling (Azure, AWS)