Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 4+ years of experience in cybersecurity operations or SOC analysis
- Demonstrated authoring of daily security analysis checklists, IR playbooks, threat reports
- Hands-on experience with a SIEM and an EDR required; hands-on experience with at least one of SOAR or NDR required
- Strong knowledge of security monitoring, incident response, and threat detection
- Familiarity with NIST frameworks, FISMA, and federal cybersecurity standards
- Experience analyzing logs across network, endpoint, and cloud environments
- Knowledge of Microsoft 365, Azure, and identity management (Entra ID)
- Experience supporting federal agencies and compliance frameworks
- Experience with VMware, Linux administration, and disaster recovery planning
- Active certifications such as CISSP, GCIH, or CEH
- Experience with PowerShell scripting and automation tools
Duties:
- Perform all security analysis activities according to established standards.
- Maintain threat awareness and monitor NIGC information systems for exploits and any suspicious activities; analyze aggregated logs and reports from security tools.
- Develop a daily security analysis and reporting checklist and execute activities identified in the checklist.
- Evaluate effectiveness of security analysis activities compared to best practices and recommend improvements.
- Adhere to Continuous Monitoring practices to evaluate the effectiveness of implemented security controls and execute proactive threat hunting activities to ensure confidentiality, integrity, and availability of NIGC information systems.
- Develop detection and response configuration policies to increase automation and alerting.
- Develop incident handling procedures.
- Execute incident response activities, including all associated actions, according to the NIGC incident response plan.
- Validate that sufficient and relevant information is captured and retained from security tools to support actionable security awareness and incident investigations.
- Collect security operations performance and NIGC security posture management metrics and prepare NIGC threat reports to inform risk management decisions.
