Incident Responder SOC Analyst


Job Location: Richmond, VA - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Only 4-page resume

POSITION SUMMARY

Seeking candidates for an Incident Responder / SOC Analyst to strengthen the cybersecurity capabilities of its IT operations. This role is critical in investigating and mitigating advanced cybersecurity threats to ensure the confidentiality, integrity, and availability of sensitive IT systems and data. This position offers an opportunity to contribute to the resilience and integrity of critical infrastructure in a collaborative, mission-driven judicial setting.

The selected candidate will handle tasks aligned with Tier 1 and Tier 2 SOC Analysts following the NICE framework. This includes monitoring multiple security platforms and managing security incidents, including performing in-depth investigations, monitoring threat intelligence, and performing containment and recovery activities. This position requires strong analytical skills, familiarity with security tools, and the ability to collaborate across teams to protect critical IT systems.

The most competitive applicants will have experience with cybersecurity tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, DUO, and Cloudflare. Experience with Active Directory, Azure AD, and ticketing systems like ServiceNow and Jira is highly desirable. Candidates should have strong knowledge of security concepts, including Zero Trust architecture, Network Access Control (NAC), endpoint security, and other best practices in the cybersecurity industry.

KEY RESPONSIBILITIES

In addition to other occasional tasks, the candidate's key responsibilities will be:

  • Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from true positives.
  • Investigate incidents, validating severity, scope, and potential impact.
  • Analyze attack telemetry and convert raw data into actionable threat intelligence.
  • Collaborate with and escalate to Tier 3 analysts or senior cybersecurity staff for complex cases requiring deep forensic analysis or malware reverse engineering.
  • Leverage threat intelligence sources such as IOCs, updated detection rules, MITRE ATT&CK, CISA advisories, and the Virginia Fusion Center to enhance investigations and detection capabilities.
  • Assist in designing and implementing containment strategies, including host isolation, account lockdown, and network segmentation.
  • Coordinate recovery efforts to securely restore systems and prevent recurrence of incidents.
  • Update and refine incident response playbooks and procedures based on postmortems, lessons learned, and emerging threats.
  • Assist in SIEM tuning and detection rule optimization to reduce false positives and improve alert fidelity.
  • Prepare detailed incident reports for internal stakeholders, ensuring clarity and completeness.
  • Thoroughly document findings within case management and ticketing systems (timestamps, artifacts, actions taken).
  • Collect and preserve evidence (logs, emails, file hashes, process trees) in accordance with standard operating procedures.
  • Track and close tickets, ensuring SLAs are met and proper handoffs occur across shifts.
  • Contribute to continuous improvement by providing feedback on alert quality and playbook enhancements to senior security staff and engineering teams.

MINIMUM QUALIFICATIONS
Minimum qualifications are the essential, non-negotiable requirements a candidate must meet to be considered for the position.

  • 2-5 years of experience in cybersecurity operations, incident response, or working in a SOC environment.
  • Strong understanding of:
    • Incident Response Lifecycle (NIST 800-61 or similar frameworks)
    • Threat intelligence and IOC correlation
    • Network protocols (TCP/IP, DNS, HTTP) and log analysis
  • Proficiency with:
    • SIEM platforms (e.g. Splunk, QRadar, Microsoft Sentinel, etc.)
    • EDR tools (e.g. CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.)
    • Threat intelligence platforms and IOC feeds
  • Familiarity with incident handling concepts (NIST 800-61) and the basic incident response lifecycle.
  • Familiarity with Active Directory, Azure AD, and identity management concepts.
  • Scripting knowledge using tools such as PowerShell or Python for automation and data parsing.
  • Ability to contain and remediate incidents using established playbooks and best practices.
  • Excellent documentation and communication skills for both technical and non-technical audiences.

PREFERRED QUALIFICATIONS

Preferred qualifications are desirable but non-mandatory job skills, experience, or education that make an applicant an ideal candidate, helping them stand out among other applicants who meet the minimum qualifications.

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
  • Industry certifications (earned or in-progress) such as:
    • CompTIA Security+, CySA+
    • GIAC certifications (GCIA, GCIH, GCFA)
    • CISSP (in-progress acceptable)
    • Microsoft certifications (SC-900, SC-200)
    • Splunk Core User or equivalent
  • Experience with:
    • SOAR automation for incident response workflows
    • Packet capture and analysis tools (e.g. Wireshark)
    • Cloud security concepts and tools (Azure, AWS)

Key Skills

  • ArcGIS
  • Intelligence Community Experience
  • GIS
  • Python
  • Computer Networking
  • Data Collection
  • Intelligence Experience
  • R
  • Relational Databases
  • Analysis Skills
  • Data Management
  • Application Development