Senior SOC Analyst
ISI · Reston, VA · 1 mo ago
HybridConsulting$120k–$140k/yrFull-time
Key Responsibilities
- Investigate and respond to complex security alerts, suspicious activity, and escalated incidents across endpoints, identity, email, cloud, and network environments.
- Initiate and coordinate containment, eradication, and recovery actions in accordance with established playbooks.
- Make real-time containment and escalation decisions during active incidents.
- Serve as the senior analyst for high-priority alerts and incidents, helping determine scope, impact, and recommended containment actions.
- Perform proactive threat hunting using SIEM, EDR/XDR, threat intelligence, and behavioral indicators to identify suspicious or malicious activity.
- Support detection tuning and continuous improvement of alert logic, correlation rules, and SOC workflows to reduce false positives and improve visibility.
- Analyze and correlate security telemetry across enterprise tools to identify account misuse, suspicious behavior, and indicators of compromise.
- Support monitoring and investigation in a Microsoft-centric environment, including endpoint, identity, email, and cloud-based security events.
- Work within modern XDR workflows, including experience with CrowdStrike XDR and comparable detection and response platforms.
- Document investigations clearly and maintain accurate case notes, escalation details, and incident records.
- Provide technical guidance and mentorship to SOC Analyst I and II team members, including reviewing escalations and helping improve analyst consistency.
- Support audit readiness and operational reporting through thorough documentation and adherence to established incident handling practices.
Required Qualifications
- Must be a U.S. citizen
- Active Secret clearance is preferred
- Must be able to obtain and maintain a U.S. Government security clearance, as required for the role
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience
- 5+ years of experience in a SOC, incident response, or cybersecurity operations role
- Strong experience with enterprise SIEM, EDR/XDR, identity, email security, and threat monitoring platforms in a production SOC environment
- Proven experience leading alert triage, incident analysis, escalation handling, and threat hunting for complex or high-priority security events
- Demonstrated experience independently leading security incidents from detection through containment and recovery
- Experience working in a Microsoft-centric security environment is strongly preferred, including monitoring and investigation across endpoint, identity, email, and cloud telemetry
- Hands-on experience with CrowdStrike XDR
- Strong understanding of attacker behavior, incident response processes, detection tuning, and security operations best practices
- Experience working in regulated environments is preferred, especially those aligned with NIST SP 800-171, CMMC, or FedRAMP
- One DoD 8570/8140-aligned baseline certification, such as CySA+, CEH, or CFR, or ability to obtain one within 6 months of hire
- Strong written communication skills, sound judgment during active incidents, and the ability to operate independently in a senior analyst capacity