Cybersecurity Analyst at Core4ce
Herndon, Virginia, USA
Full Time


Start Date

Immediate

Expiry Date

23 Nov, 25

Salary

0.0

Posted On

23 Aug, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Linux, Network Infrastructure, Communication Skills, Gcih, Powershell, Enterprise, Indicators, Threat Analysis, Automation, Reporting, Security Operations, Windows, Nist, Scripting, Cissp, Integration, Incident Response, Artifacts, Gcia, System Monitoring

Industry

Information Technology/IT

Description

Information Technology -> Cyber
Herndon, VA

ID: 916-383

Full-Time/Regular

The Tier 2 Cybersecurity Analyst role supports advanced threat detection and incident response within a Security Operations Center (SOC). This position serves as an escalation point for Tier 1 Analysts and is responsible for conducting deeper analysis and investigation of complex security events. Candidates should possess more than five years of experience in cybersecurity operations, with direct involvement in intrusion detection, incident response, and threat analysis.

Key Responsibilities:

  • Investigate complex incidents escalated from Tier 1 Analysts.
  • Perform deep-dive log analysis, packet inspection, and event correlation across multiple systems.
  • Lead containment, eradication, and recovery efforts during security incidents.
  • Conduct root cause analysis and document technical findings in detailed incident reports.
  • Recommend improvements to detection and response capabilities based on threat activity and incident trends.
  • Coordinate across technical teams and stakeholders to ensure accurate and timely incident response.
  • Maintain awareness of evolving threats, vulnerabilities, and adversary tactics.

Required Qualifications:

  • A minimum of five (5) years of experience in information systems security operations, including system monitoring, intrusion detection, threat analysis, and incident response.
  • Active TS/SCI clearance.
  • Experience with enterprise SIEM platforms, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools.
  • Demonstrated ability to analyze events and artifacts across Windows, Linux, and network infrastructure.
  • Proficiency in interpreting indicators of compromise and leveraging frameworks such as MITRE ATT&CK and NIST.
  • Strong verbal and written communication skills, including incident documentation and reporting.
  • Ability to work independently and collaboratively in a high-tempo operational environment.

Desired Qualifications:

  • Industry certifications such as CompTIA Security+, CySA+, CEH, GCIH, GCIA, or CISSP.
  • Experience supporting Department of Defense (DoD) cybersecurity missions.
  • Familiarity with scripting or automation (e.g., Python, PowerShell) to support investigative workflows.
  • Experience with threat intelligence platforms and integration into SOC operations.

Familiarity with the following tools, software, and hardware is strongly preferred:

  • Security Tools & Platforms: Suricata, Arkime, Zeek, Splunk, Trellix, ACAS
  • Infrastructure Technologies: Proxmox, Elasticsearch, Kubernetes (K8s) or other microservice deployments
  • Network and Security Hardware: Palo Alto firewalls, Gigamon Packet Broker, Gigamon A and M Series Taps, Dell PowerEdge Servers, Cisco routers, switches, and firewalls
