CBO - Tier 3 SOC Analyst
cFocus Software Incorporated, Washington, District of Columbia, United States
cFocus Software seeks a Tier 3 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications
Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
5+ years of SOC Analyst experience
Expert knowledge of incident response, threat hunting, and detection engineering
Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools
Strong understanding of MITRE ATT&CK framework and adversary tactics
Experience with digital forensics and malware analysis techniques
Ability to analyze logs across identity, endpoint, network, and cloud environments
Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools
Experience with KQL (Kusto Query Language) and advanced correlation analysis
Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks)
Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075)
Experience leading incident response engagements and reporting to leadership
Preferred certifications include but are not limited to
GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
Microsoft Sentinel or Microsoft security platform certifications
Relevant cloud security certifications (e.g., AWS security)
Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties
Lead investigation and response for complex and high-severity security incidents
Perform advanced threat hunting using Microsoft Sentinel and Defender platforms
Conduct digital forensics, malware analysis, and root cause analysis (RCA)
Develop, tune, and optimize detection rules, analytics, and correlation logic
Map detections and activities to MITRE ATT&CK framework
Oversee incident lifecycle management (detection through containment, eradication, and recovery)
Support and improve SOC playbooks, automation workflows, and response procedures
Provide mentorship and guidance to Tier I and Tier II analysts
Identify security control gaps and recommend remediation strategies
Support red team, purple team, and adversary emulation exercises
Contribute to incident reports, quarterly threat reviews, and executive briefings
#J-18808-Ljbffr
Qualifications
Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
5+ years of SOC Analyst experience
Expert knowledge of incident response, threat hunting, and detection engineering
Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools
Strong understanding of MITRE ATT&CK framework and adversary tactics
Experience with digital forensics and malware analysis techniques
Ability to analyze logs across identity, endpoint, network, and cloud environments
Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools
Experience with KQL (Kusto Query Language) and advanced correlation analysis
Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks)
Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075)
Experience leading incident response engagements and reporting to leadership
Preferred certifications include but are not limited to
GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
Microsoft Sentinel or Microsoft security platform certifications
Relevant cloud security certifications (e.g., AWS security)
Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties
Lead investigation and response for complex and high-severity security incidents
Perform advanced threat hunting using Microsoft Sentinel and Defender platforms
Conduct digital forensics, malware analysis, and root cause analysis (RCA)
Develop, tune, and optimize detection rules, analytics, and correlation logic
Map detections and activities to MITRE ATT&CK framework
Oversee incident lifecycle management (detection through containment, eradication, and recovery)
Support and improve SOC playbooks, automation workflows, and response procedures
Provide mentorship and guidance to Tier I and Tier II analysts
Identify security control gaps and recommend remediation strategies
Support red team, purple team, and adversary emulation exercises
Contribute to incident reports, quarterly threat reviews, and executive briefings
#J-18808-Ljbffr