Cyber Defense Analyst Job Description

Position Summary

Essential Duties and Responsibilities

• Perform cybersecurity monitoring incident detection triage analysis and response activities in support of SBA SOC operations.
• Support 24x7x365 SOC operations in accordance with SBA ECS Task Area 3.5.3 requirements.
• Monitor security alerts and analyze network endpoint system cloud and application activity for indicators of compromise.
• Investigate cybersecurity incidents and suspicious events utilizing SIEM EDR IDS/IPS firewall and threat intelligence platforms.
• Support incident response activities in accordance with SBA ECS Task Area 3.5.3.3 and NIST SP 800-61 guidance.
• Create update and manage cybersecurity incident tickets case files reports and escalation documentation.
• Perform log analysis and event correlation using multiple security monitoring platforms and data sources.
• Assist with threat hunting activities to identify malicious or anomalous activity across enterprise environments.
• Analyze phishing attempts malware activity unauthorized access attempts and suspicious user behavior.
• Support containment eradication remediation and recovery activities during cybersecurity incidents.
• Document incident findings response actions lessons learned and operational recommendations.
• Escalate incidents to senior analysts incident responders or Government leadership based on severity and impact.
• Support vulnerability management coordination and remediation tracking activities.
• Monitor external cybersecurity threat intelligence feeds CISA advisories and vulnerability notifications.
• Assist with forensic evidence collection and preservation activities as directed.
• Provide operational support for cloud environments including Microsoft Azure AWS Microsoft 365 and SaaS platforms.
• Participate in SOC shift turnover briefings operational reporting and incident coordination meetings.
• Support cybersecurity exercises continuity of operations (COOP) activities and readiness initiatives.
• Maintain compliance with federal cybersecurity standards policies procedures and reporting requirements.
• Collaborate with internal and external stakeholders to support incident response and operational security objectives.

Minimum Qualifications

• Bachelors degree in Cybersecurity Information Technology Computer Science Information Assurance or related technical discipline. Relevant experience may substitute for education requirements.
• Minimum of 5 years of cybersecurity operations SOC analysis cyber defense or incident response experience.
• Experience supporting enterprise SOC operations cybersecurity monitoring and incident response activities.
• Experience with SIEM EDR IDS/IPS vulnerability management and network security monitoring tools.
• Knowledge of incident response methodologies threat analysis and cybersecurity operations concepts.
• Experience analyzing logs alerts indicators of compromise and security event data.
• Understanding of federal cybersecurity frameworks including NIST SP 800-53 and NIST SP 800-61.
• Experience supporting cloud security operations in AWS Azure Microsoft 365 or hybrid environments.
• Strong analytical technical communication and documentation skills.
• Ability to work effectively in fast-paced operational environments supporting rotating SOC shifts.

Preferred Certifications

• CompTIA Security
• CompTIA CySA
• GIAC Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• GIAC Certified Intrusion Analyst (GCIA)
• Splunk Core Certified User or SIEM-related certification
• AWS Certified Security Specialty
• Microsoft Azure Security Engineer Associate