Koniag Government Services

Security Operations Center Analyst - High

Koniag Government Services$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or related field.
  • 6+ years of progressive experience in cybersecurity operations.
  • 3+ years in a senior SOC analyst or equivalent advanced role.
  • Experience in federal government or enterprise IT security operations.
  • GIAC or other relevant cybersecurity certifications such as CISSP or CSA.

Responsibilities

  • Perform advanced monitoring and analysis of security alerts and events.
  • Lead investigations of complex security incidents using threat actor methodologies.
  • Act as a senior escalation point for security incidents and complex alerts.
  • Coordinate incident response activities for significant security incidents.
  • Conduct log analysis across diverse data sources to identify malicious activity.
  • Develop and tune SIEM detection rules and dashboards for improved threat detection.
  • Perform advanced threat hunting activities to proactively identify hidden threats.

Benefits

  • Mentorship and development opportunities in a dynamic cybersecurity environment.
  • Collaboration with diverse teams to enhance detection and incident response capabilities.
  • Participation in continuous improvement initiatives for SOC processes and technologies.
Full Job Description
Koniag Data Solutions, a Koniag Government Services company, is seeking a highly skilled and experienced Senior Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with extensive experience in advanced security operations, threat detection, and incident response within complex federal government IT environments. This individual will serve as a senior technical resource within SBA's SOC, providing expert-level analysis, mentorship to junior analysts, and close collaboration with the Cybersecurity Operations Technical Lead to protect SBA's enterprise IT environment from sophisticated and evolving cyber threats. The Senior SOC Analyst will serve as an advanced-level cybersecurity operations professional within SBA's Security Operations Center, providing expert threat detection, in-depth security event analysis, and incident response leadership while mentoring junior and mid-level SOC staff and driving continuous improvement of SOC capabilities and processes. Principal responsibilities will include but are not limited to: • Perform advanced, continuous monitoring and analysis of security alerts and events generated by SBA's SIEM platform, IDS/IPS systems, endpoint detection and response (EDR) tools, and other security monitoring technologies, applying expert-level analytical skills to accurately detect, classify, and prioritize security incidents and threats targeting SBA's enterprise environment. • Lead and conduct in-depth investigation and analysis of complex security incidents, applying advanced knowledge of threat actor TTPs, attack methodologies, and the MITRE ATT&CK framework to determine incident scope, root cause, and full impact, and driving incident response activities through to successful resolution. • Serve as a senior escalation point for security incidents and complex alerts escalated by junior and mid-level SOC analysts, providing expert technical guidance, mentorship, and decision support to ensure timely and effective incident triage, escalation, and response. • Lead and support incident response activities for significant security incidents affecting SBA's enterprise environment, coordinating containment, eradication, recovery, and post-incident review activities in accordance with SBA's incident response policies and NIST SP 800-61 guidelines, and communicating incident status and findings to the Cybersecurity Operations Technical Lead and SBA leadership. • Conduct advanced log analysis and correlation across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, firewall logs, web proxy logs, EDR telemetry, and application logs, to reconstruct attack timelines, identify malicious activity patterns, and develop actionable intelligence to support incident response and detection improvement activities. • Develop, tune, and optimize SIEM detection rules, correlation logic, alert thresholds, and dashboards to improve the accuracy and effectiveness of SBA's threat detection capabilities, reduce false positive rates, and enhance SOC analyst efficiency • Perform advanced threat hunting activities, proactively searching SBA's enterprise environment for hidden threats, indicators of compromise (IOCs), and adversary TTPs using the MITRE ATT&CK framework, threat intelligence feeds, and advanced analytical techniques to identify malicious activity that has evaded automated detection. • Analyze and operationalize threat intelligence from government and commercial sources, including US-CERT, CISA, ISACs, and commercial threat intelligence platforms, to identify relevant threats, update detection capabilities, and prioritize SOC monitoring and response activities based on current threat landscape intelligence. • Develop high-quality incident reports, after-action reviews (AARs), threat analysis reports, and technical documentation capturing incident timelines, root cause analysis, findings, and actionable remediation recommendations, tailored to both technical and non-technical SBA audiences. • Support and contribute to vulnerability management activities, providing expert analysis of vulnerability scan results, assessing real-world exploitability and risk, and advising on remediation prioritization strategies to support timely and effective vulnerability remediation across SBA's system portfolio. • Develop, review, and maintain SOC Standard Operating Procedures (SOPs), incident response playbooks, runbooks, and knowledge base articles, ensuring all SOC operational documentation remains current, accurate, and reflective of evolving threats and best practices. • Provide active mentorship, technical guidance, and on-the-job training to junior and mid-level SOC analysts, contributing to professional development, knowledge sharing, and the overall elevation of SOC team capability and performance. • Support the planning and execution of purple team exercises and tabletop scenarios, collaborating with the blue team and penetration testing staff to validate and improve SBA's detection and response capabilities against realistic attack scenarios. • Coordinate with SBA IT teams, system owners, and other cybersecurity program staff to communicate SOC findings, support remediation activities, and provide technical recommendations to enhance the overall security posture of SBA's enterprise environment. • Contribute to the continuous improvement of SOC processes, tools, technologies, and operational metrics, identifying opportunities to enhance detection effectiveness, response efficiency, and overall SOC performance. Education and Experience: Required: • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university. • 6+ years of progressive experience in cybersecurity operations, with at least 3 years in a senior SOC analyst, lead analyst, or equivalent advanced-level role within a SOC or cyber defense environment. • Demonstrated experience supporting security operations and incident response within a federal government or large enterprise IT environment. • One or more of the following certifications: • GIAC Security Operations Certified (GSOC) • GIAC Certified Incident Handler (GCIH) • GIAC Certified Enterprise Defender (GCED) • GIAC Certified Intrusion Analyst (GCIA) • Certified SOC Analyst (CSA) • Certified Information Systems Security Professional (CISSP) • CompTIA Cybersecurity Analyst (CySA+) Desired: • Master's degree in Cybersecurity, Information Assurance, or a related field. • 8+ years of cybersecurity operations experience, with a strong background supporting federal government or defense contracting SOC programs. • Prior experience supporting SBA or other federal civilian agency SOC programs. Required Skills and Competencies: • Exceptional communication skills in English - both written and oral - with the ability to clearly articulate complex security findings, incident details, threat analysis results, and technical recommendations to both technical and non-technical audiences, including senior SBA leadership and government stakeholders. • Advanced expertise in security event monitoring, threat detection, and incident response operations within a SOC environment, with demonstrated ability to independently manage complex security incidents from initial detection through post-incident review. • Advanced proficiency with SIEM platforms, including Splunk, Microsoft Sentinel, ArcSight, or equivalent, with demonstrated experience developing and tuning detection rules, correlation logic, dashboards, and advanced queries to support threat detection and investigation activities. • Expert-level log analysis skills, with the ability to analyze and correlate security-relevant data across diverse log sources, including Windows Event Logs, Syslog, cloud platform logs, network device logs, and application logs, to reconstruct attack timelines and identify malicious activity. • Advanced knowledge of network security concepts and protocols, including TCP/IP, DNS, HTTP/S, and demonstrated ability to analyze network traffic and packet captures using tools such as Wireshark, Zeek, or equivalent to support incident investigation and threat hunting activities. • Deep proficiency with endpoint detection and response (EDR) platforms, with demonstrated ability to leverage EDR telemetry for advanced threat detection, incident investigation, and threat hunting activities across Windows and Linux endpoint environments. • Demonstrated expertise in applying the MITRE ATT&CK framework to threat detection, threat hunting, incident analysis, and detection engineering activities, with the ability to map observed adversary behaviors to ATT&CK techniques and inform detection improvement efforts. • Strong experience operationalizing threat intelligence from multiple government and commercial sources to enhance SOC detection capabilities, prioritize monitoring activities, and support incident response efforts. • Experience developing high-quality incident reports, after-action reviews, SOC operational reports, and technical briefings, with the ability to communicate complex findings and recommendations clearly and effectively. • Demonstrated ability to mentor and provide technical guidance to junior and mid-level SOC analysts, contributing to team capability development and knowledge sharing within a SOC environment. • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and applicable CISA guidance, and their implications for SOC operations within a federal civilian agency environment. • Ability to obtain and maintain a Public Trust Clearance. Desired Skills and Competencies: • Prior experience supporting SBA or other federal civilian agency SOC programs, with demonstrated knowledge of SBA's mission, IT environment, and cybersecurity monitoring and response requirements. • Advanced experience with cloud security monitoring and operations in AWS, Azure, or GCP environments, including deep familiarity with cloud-native security tools, logging capabilities, and threat detection methodologies for cloud-hosted workloads and services. • Experience with Security Orchestration, Automation, and Response (SOAR) platforms and proficiency in scripting languages such as Python, PowerShell, or Bash to develop automated detection, triage, and response workflows that enhance SOC efficiency and effectiveness. • Experience conducting digital forensics and malware analysis activities to support incident response investigations, including memory forensics, disk forensics, and basic static and dynamic malware analysis techniques • Knowledge of Zero Trust Architecture (ZTA) principles and their implications for SOC monitoring strategies, detection engineering, and incident response within a federal IT environment. • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their application in supporting continuous monitoring and threat detection activities within federal civilian agency SOC environments. • Experience with deception technologies, including honeypots and deception platforms, and their application in enhancing SOC threat detection capabilities and supporting adversary attribution efforts. • Experience supporting or leading purple team exercises and collaborative red team/blue team activities to validate and improve detection and response capabilities against realistic adversary TTPs. • GIAC Certified Forensic Analyst (GCFA) or GIAC Network Forensic Analyst (GNFA) certification. • Experience supporting FedRAMP authorized cloud environments and familiarity with FedRAMP continuous monitoring requirements and their implications for SOC monitoring and incident response activities. • Familiarity with threat intelligence platforms (TIPs) such as MISP, ThreatConnect, or Anomali, and experience with structured threat intelligence formats including STIX/TAXII for consuming and sharing threat intelligence within a SOC environment.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Information Technology Jobs

Find similar Security Operations Center Analyst - High jobs: