Local Defender - Cybersecurity SOC Threat Analyst

PeopleTec is currently seeking a Local Defender Cybersecurity (SOC & Threat Analyst) to support our Sunny Point Army Ammunition Plant Southport NC location.

The Local Defender is a critical cybersecurity role responsible for protecting the organizations digital assets through proactive monitoring analysis and response to cyber threats. This role combines the duties of a Security Operations Center (SOC) Analyst and Threat Analyst to ensure a holistic defense against emerging threats. Key responsibilities include monitoring security logs analyzing and reporting cyber incidents reviewing Common Vulnerabilities and Exposures (CVEs) and implementing directives from NETCOM (e.g. Cyber Tasking Orders CTO). Work is performed onsite with occasional oncall duties for critical incidents in a collaborative demanding environment requiring attention to emerging threats and vulnerabilities.

The preferred candidate will be wellversed in common cyber threats vulnerabilities and adversarial tactics techniques and procedures (TTPs). In this role the candidate is expected to work with minimal guidance in a crossfunctional team ensuring reports and recommendations are effectively communicated and actioned to support the Government customer and mission requirements.

Duties:

SOC Activities and Duties

• Monitor and analyze security events and alerts generated by SIEM platforms firewalls IDS/IPS and endpoint detection tools to identify potential threats and anomalous behavior.
• Analyze potential security incidents and investigate to determine the scope impact root cause and recommend effective remediation strategies.
• Perform triage on security incidents to identify root causes and recommend appropriate mitigation measures.
• Conduct regular reviews of SIEM reports to identify patterns trends and potential vulnerabilities within the organizations infrastructure.
• Develop actionable recommendations based on SIEM data analysis to enhance detection capabilities optimize alert configurations and address identified gaps.
• Escalate critical incidents to senior leadership or appropriate teams and provide detailed incident summaries with proposed mitigation actions.
• Maintain accurate documentation of security events and incidenthandling procedures.

Threat Analysis & Intelligence

• Monitor and evaluate Cyber Tasking Orders (CTOs) and other directives from NETCOM ensuring compliance and timely implementation of mitigations.
• Conduct research on the latest organizations environment threat vectors attack methodologies and adversarial tactics techniques and procedures (TTPs).
• Collaborate with other cybersecurity team members and the government customer to integrate threat intelligence into incident detection and response processes.
• Analyze CVEs security bulletins threat intelligence feeds and security advisories to assess their relevance and potential impact to the mission and the organizations environment.
• Correlate threat intelligence with SIEM findings to identify and assess emerging threats.
• Develop and communicate proactive mitigation strategies based on threat landscape trends and adversary tactics.

Reporting & Communication

• Generate detailed and actionable reports for leadership from SIEM platforms summarizing identified threats incidents and remediation steps.
• Provide recommendations for improving the organizations cybersecurity posture based on incident trends and threat intelligence.
• Maintain clear communication with crossfunctional teams to ensure alignment with security objectives and protocols.
• Generate detailed reports threats false positives and actionable insights.
• Provide the Government customer and leadership with concise datadriven recommendations for enhancing the organizations cybersecurity defenses based on SIEM trends and incident analysis.
• Prepare summaries and status updates of security posture improvements resulting from SIEM data analysis and implemented recommendations.

Security Tool Management & Optimization

• Support the configuration tuning and optimization of security monitoring tools including SIEM and threat detection platforms.
• Conduct periodic reviews and updates of security tools to address gaps or inefficiencies.
• Participate in the testing and implementation of new security technologies as required.
• Collaborate with the team and the stakeholder community to finetune SIEM configurations including custom rule creation and log source integration to improve threat detection accuracy.
• Conduct periodic evaluations of SIEM and related tools providing recommendations for feature enhancements or additional capabilities.
• Support the testing and deployment of security solutions to ensure seamless integration with the existing monitoring infrastructure.

Required Skills/Experience:

• 2 years of experience in a SOC cybersecurity or related role.
• CISSP CompTIA Security CySA CEH or GIAC certifications (e.g. GCIH GCIA) Splunk Core Certified User / Power User Cisco Certified CyberOps Associate.
• Proficiency in analyzing security events logs and alerts from various security tools (e.g. SIEM firewalls IDS/IPS).
• Applied knowledge of network topologies protocols (e.g. TCP/IP ICMP HTTP/S DNS SSH SMTP SMB) and experience with tools like Palo Alto Elastic SIEM Cribl Splunk VMware Security Center.
• Experience in other tools and protocols as applicable such as Nessus Endgame CrowdStrike Gray Noise Shodan Bacnet MODBus SCADA systems and PCAP.
• Knowledge of threat intelligence frameworks (e.g. MITRE ATT&CK) and vulnerability management practices.
• Knowledge of NETCOM policies Cyber Tasking Orders (CTOs) and cybersecurity compliance requirements.
• Strong analytical and problemsolving skills with attention to detail.
• Must be a U.S. Citizen
• An active DoD Secret clearance is required to perform this work. Candidates are required to have an active Secret clearance upon hire and the ability to maintain this level of clearance during their employment.

Education Requirements:

• Bachelors degree in Cybersecurity Computer Science Information Technology or a related field (or equivalent experience).

Physical Requirements:

• Requires working onsite and as needed during incidents.

Desired Skills:

• GIAC Penetration Tester (GPEN)
• Offensive Security Certified Professional (OSCP)
• Experience with scripting languages (e.g. Python PowerShell) for automating security tasks.
• Understanding of advanced threat detection methodologies and incident response processes.
• Excellent verbal and written communication skills for creating technical reports and presentations.
  
  

People First. Technology Always.

PeopleTec Inc. is an employeeowned small business founded in Huntsville AL that provides exceptional customer support by employing and retaining a highly skilled workforce.

Culture: The name PeopleTec was deliberately chosen to remind us of our core value system our people. Our companys foundation was built on placing our employees and customers first. With an awardwinning atmosphere we have matured into a company that boasts the best and brightest across multiple technical fields.

Career: At PeopleTec we value your longterm goals. Whether its through our continuingeducation opportunities our robust training programs or our People First benefits package PeopleTec truly believes that our best investments are our people.

Come Experience It.

#cjpost #dpost

EEO Statement

PeopleTec Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability you may use the following email address and/or phone number 256.319.3800 to contact us about your interest in employment with PeopleTec Inc.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age genetic information citizenship ancestry marital status protected veteran status disability status or any other status protected by federal state or local law. PeopleTec Inc. participates in EVerify.