
CBO - Tier 1 SOC Analyst
cFocus Software Incorporated, Washington, District of Columbia, United States
cFocus Software seeks a Tier 1 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications
Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
Foundational knowledge of cybersecurity principles and SOC operations
Familiarity with SIEM tools, preferably Microsoft Sentinel
Understanding of common attack vectors and MITRE ATT&CK framework
Basic knowledge of networking, operating systems (Windows/macOS), and cloud environments
Strong analytical and problem-solving skills
Ability to follow procedures and work in a shift-based environment
Relevant certifications (e.g., Security+, CySA+, or equivalent)
Experience with Microsoft Defender tools (Endpoint, Identity)
Exposure to log analysis and incident response processes
Preferred certifications include but are not limited to
GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
Microsoft Sentinel or Microsoft security platform certifications
Relevant cloud security certifications (e.g., AWS security)
Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties
Monitor security alerts and events using SIEM tools (e.g., Microsoft Sentinel)
Perform initial triage and validation of alerts to determine legitimacy
Escalate confirmed or suspicious incidents to Tier II analysts per defined procedures
Document incidents, actions taken, and findings in ticketing systems
Follow established playbooks and standard operating procedures
Assist with log review across identity, endpoint, network, and cloud environments
Support reporting requirements by contributing to weekly and monthly SOC reports
Maintain situational awareness of emerging threats and indicators of compromise