CBO - Tier 2 SOC Analyst
cFocus Software Incorporated, Washington, District of Columbia, United States
cFocus Software seeks a Tier 2 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote and requires a Public Trust clearance.
Qualifications
Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
2+ years of SOC Analyst experience
Strong knowledge of cybersecurity operations and incident response processes
Experience with SIEM platforms, preferably Microsoft Sentinel
Understanding of MITRE ATT&CK framework and threat actor tactics
Experience analyzing logs from endpoints, networks, cloud, and identity systems
Familiarity with Microsoft Defender tools (Endpoint, Identity) and cloud platforms (AWS)
Experience with digital forensics and malware analysis
Familiarity with SOAR tools and automation workflows
Experience supporting federal or regulated environments (NIST, CUI, etc.)
Ability to perform threat hunting and advanced correlation analysis
Preferred certifications include but are not limited to
GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
Microsoft Sentinel or Microsoft security platform certifications
Relevant cloud security certifications (e.g., AWS security)
Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties
Perform advanced analysis and investigation of escalated security alerts and incidents
Conduct root cause analysis (RCA) and determine scope and impact of incidents
Support incident response activities including containment, eradication, and recovery
Perform threat hunting across identity, endpoint, network, cloud, and application logs
Correlate events across multiple data sources within SIEM (Microsoft Sentinel)
Develop and tune detection rules, analytics, and use cases
Maintain and improve SOC playbooks and incident response procedures
Provide detailed documentation of investigations, findings, and remediation actions
Support reporting requirements including contributions to monthly and quarterly reports
Collaborate with Tier I and Tier III analysts, engineers, and stakeholders
#J-18808-Ljbffr
Qualifications
Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
2+ years of SOC Analyst experience
Strong knowledge of cybersecurity operations and incident response processes
Experience with SIEM platforms, preferably Microsoft Sentinel
Understanding of MITRE ATT&CK framework and threat actor tactics
Experience analyzing logs from endpoints, networks, cloud, and identity systems
Familiarity with Microsoft Defender tools (Endpoint, Identity) and cloud platforms (AWS)
Experience with digital forensics and malware analysis
Familiarity with SOAR tools and automation workflows
Experience supporting federal or regulated environments (NIST, CUI, etc.)
Ability to perform threat hunting and advanced correlation analysis
Preferred certifications include but are not limited to
GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
Microsoft Sentinel or Microsoft security platform certifications
Relevant cloud security certifications (e.g., AWS security)
Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties
Perform advanced analysis and investigation of escalated security alerts and incidents
Conduct root cause analysis (RCA) and determine scope and impact of incidents
Support incident response activities including containment, eradication, and recovery
Perform threat hunting across identity, endpoint, network, cloud, and application logs
Correlate events across multiple data sources within SIEM (Microsoft Sentinel)
Develop and tune detection rules, analytics, and use cases
Maintain and improve SOC playbooks and incident response procedures
Provide detailed documentation of investigations, findings, and remediation actions
Support reporting requirements including contributions to monthly and quarterly reports
Collaborate with Tier I and Tier III analysts, engineers, and stakeholders
#J-18808-Ljbffr