SBA - Cyber Defense Analyst

Cyber Defense Analyst Job Description

Position Summary

Essential Duties and Responsibilities

• Perform cybersecurity monitoring, incident detection, triage, analysis, and response activities in support of SBA SOC operations.
• Support 24x7x365 SOC operations in accordance with SBA ECS Task Area 3.5.3 requirements.
• Monitor security alerts and analyze network, endpoint, system, cloud, and application activity for indicators of compromise.
• Investigate cybersecurity incidents and suspicious events utilizing SIEM, EDR, IDS/IPS, firewall, and threat intelligence platforms.
• Support incident response activities in accordance with SBA ECS Task Area 3.5.3.3 and NIST SP 800-61 guidance.
• Create, update, and manage cybersecurity incident tickets, case files, reports, and escalation documentation.
• Perform log analysis and event correlation using multiple security monitoring platforms and data sources.
• Assist with threat hunting activities to identify malicious or anomalous activity across enterprise environments.
• Analyze phishing attempts, malware activity, unauthorized access attempts, and suspicious user behavior.
• Support containment, eradication, remediation, and recovery activities during cybersecurity incidents.
• Document incident findings, response actions, lessons learned, and operational recommendations.
• Escalate incidents to senior analysts, incident responders, or Government leadership based on severity and impact.
• Support vulnerability management coordination and remediation tracking activities.
• Monitor external cybersecurity threat intelligence feeds, CISA advisories, and vulnerability notifications.
• Assist with forensic evidence collection and preservation activities as directed.
• Provide operational support for cloud environments including Microsoft Azure, AWS, Microsoft 365, and SaaS platforms.
• Participate in SOC shift turnover briefings, operational reporting, and incident coordination meetings.
• Support cybersecurity exercises, continuity of operations (COOP) activities, and readiness initiatives.
• Maintain compliance with federal cybersecurity standards, policies, procedures, and reporting requirements.
• Collaborate with internal and external stakeholders to support incident response and operational security objectives.

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, or related technical discipline. Relevant experience may substitute for education requirements.
• Minimum of 5 years of cybersecurity operations, SOC analysis, cyber defense, or incident response experience.
• Experience supporting enterprise SOC operations, cybersecurity monitoring, and incident response activities.
• Experience with SIEM, EDR, IDS/IPS, vulnerability management, and network security monitoring tools.
• Knowledge of incident response methodologies, threat analysis, and cybersecurity operations concepts.
• Experience analyzing logs, alerts, indicators of compromise, and security event data.
• Understanding of federal cybersecurity frameworks including NIST SP 800-53 and NIST SP 800-61.
• Experience supporting cloud security operations in AWS, Azure, Microsoft 365, or hybrid environments.
• Strong analytical, technical, communication, and documentation skills.
• Ability to work effectively in fast-paced operational environments supporting rotating SOC shifts.

Preferred Certifications

• CompTIA Security+
• CompTIA CySA+
• GIAC Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• GIAC Certified Intrusion Analyst (GCIA)
• Splunk Core Certified User or SIEM-related certification
• AWS Certified Security – Specialty
• Microsoft Azure Security Engineer Associate