The Journeyman SOC Analyst supports the analysis of enterprise technology devices, including OT and ICS systems. Responsibilities include log and forensic analysis of Windows/Linux systems, timeline and activity reviews, authentication audits, and malware triage. The role also involves identifying unusual files, scripts, or user activity via EDR tools, providing feedback to improve SOC visibility and processes, and coordinating forensic efforts with case management.
Clearance Requirement:
Interim or Secret Clearance
Location: Onsite 5x per week
Port Hueneme, California 93043
Responsibilities
- Support client leaders in building and managing a Security Operations Center (SOC) to enable incident response and threat hunting.
- Manage SIEM platforms, monitor security alerts, and coordinate vulnerability assessments and artifact collection.
- Conduct proactive threat hunts across endpoints, networks, and cloud environments; analyze suspicious activity to identify IOCs, TTPs, and emerging threats.
- Collaborate with incident response teams to investigate and remediate incidents; operationalize threat intelligence to inform hunting activities.
- Create and refine detection rules, automation workflows, and scripts to improve SOC efficiency and response.
- Research, evaluate, and implement new tools and technologies; analyze network and system logs; and deliver findings in both technical and executive reports.
- Assess network structures and device configurations for security risks and provide recommendations.
Qualifications
- Bachelor's degree in a technical discipline (e.g., Computer Science, Information Technology, Engineering, or a related field).
- Minimum 3 years of experience in security operations.
- Proficient in analyzing cyber attacks, with a deep understanding of attack classifications, attack stages, system and application vulnerabilities, and compliance with Department of Defense (DoD) policies and procedures.
- Extensive knowledge of network topologies and protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools such as Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, and Security Center.
- Capable of reconstructing attacks from network traffic and integrating threat intelligence; familiar with the MITRE ATT&CK framework; able to collaborate effectively across multiple locations.
- Experience with other tools and protocols as applicable, such as Nessus, Endgame, CrowdStrike, GreyNoise, Shodan, BACnet, Modbus, SCADA systems, and PCAP analysis.
- Able to apply knowledge of the latest threats and attack vectors to develop correlation rules for continuous monitoring across various security appliances.
Desired Certifications:
- Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or a relevant IT technology certification
- Examples of other certifications include:
  - DoD 8570 Cyber Security Service Provider (CSSP) or IAT Level II compliant
  - Certified Ethical Hacker (CEH)
  - Certified First Responder (CFR)
  - Computer Hacking Forensic Investigator (CHFI)
  - CompTIA Cybersecurity Analyst (CySA+)
  - Global Information Assurance Certification (GIAC) certifications:
    - GIAC Network Forensic Analyst (GNFA)
    - GIAC Certified Intrusion Analyst (GCIA)
    - GIAC Certified Incident Handler (GCIH)
- Additional certifications at an equivalent level may also be considered.
Salary Range:
$100,000-$130,000
Our final salary offer will be based on several factors, including depth of technical skills, work experience, education, certifications, and clearance.