Security Operations Center (SOC) Analyst - Tier 2

Job Description

Job Description

Description:

Job Title: Security Operations Center (SOC) Analyst - Tier 2

Location: Northern Virginia

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt

Job Purpose:

The Security Operations Center (SOC) Analyst Tier 2 provides advanced threat detection, analysis, and response to protect critical systems and data. This role leads monitoring and investigation efforts, mentors junior analysts, and ensures incidents are managed effectively in accordance with DoD cybersecurity standards. The Tier 2 Analyst acts as a key escalation point for complex alerts, coordinates with internal teams and external stakeholders, and contributes to the continuous improvement of SOC processes and defenses. This position requires both technical expertise and leadership ability to guide shift operations, interface with senior staff and government partners, and maintain the organization’s overall cybersecurity posture.

Duties & Responsibilities:

The SOC Analyst – Tier 2 responsibilities include, but are not limited to:

• Oversee the monitoring of systems health as well as system security alerts.
• Analyze and investigate escalated alerts from Tier 1 analysts using tools such as SIEM, EDR, IDS/IPS, and network monitoring solutions.
• Perform advanced log analysis, network traffic analysis, and endpoint investigation to determine the nature and scope of threats.
• Lead incident response activities.
• Assist with malware analysis and reverse engineering to understand the behavior and intent of malicious artifacts.
• Collaborate with Threat Intelligence Teams to correlate indicators of compromise (IOCs) and emerging threats with active incidents.
• Support threat hunting operations to proactively identify threats that evade automated detection tools.
• Prepare detailed incident reports and deliver briefings to internal stakeholders, including senior leadership.
• Collaborate with Tier 3 analysts, system administrators, and other IT teams to implement mitigation strategies.
• Participate and disseminate external DoD meetings and TASKORDS.
• Ensure adherence to cybersecurity policies, processes, and compliance standards such as NIST, CIS Controls, or DoD requirements.
• Mentor Tier 1 analysts by providing guidance and support to improve their skills and escalation processes.
• Familiar with DOD 8530 and NIST SP 800-61 Rev. 3

The SOC Analyst – Tier 2 is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.

Qualifications

• 4-6 years of experience in a SOC environment or cybersecurity operations role.
• Must currently possess an active TS/SCI with the ability to obtain and maintain a CI polygraph.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• DoD IAT Level II and CSSP Analyst Certification is required in accordance with DOD 8570/8140.
• One or more of the following certifications (preferred):
• GCIH, GCIA, CySA+, GCFA.
• Proven experience investigating and responding to security incidents.
• Proficiency with SIEM platform Splunk and endpoint detection tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
• Strong understanding of network protocols, packet analysis, and tools like Wireshark or Zeek.
• Experience with IDS/IPS/NDR/EDR tools (e.g., Snort, Suricata, Bricata) and malware analysis techniques.
• Ability to analyze logs, correlate data, and detect adversary tactics, techniques, and procedures (TTPs).
• Familiarity with threat intelligence frameworks like MITRE ATT&CK, Cyber Kill Chain, and IOC analysis.
• Basic scripting or automation skills (e.g., Python, PowerShell, Bash) to enhance workflows.
• Strong analytical and critical thinking skills to investigate incidents and determine root causes.
• Excellent written and verbal communication skills for technical reporting and briefings.
• Ability to mentor junior analysts and work collaboratively in a fast-paced environment.

Preferred Qualifications

• Experience with forensic tools (e.g., FTK, EnCase, Volatility).
• Hands-on experience with cloud security monitoring in AWS, Azure, or GCP.
• Familiarity with Threat Hunting methodologies and tools.
• Familiarity with DoD TASKORDS
• Participated in a CSSP Inspection
• Knowledge of security compliance frameworks: NIST, ISO 27001, STIG, and/or CIS Controls, or DoD RMF.