Koniag Government Services

Security Operations Center Analyst - Mid

Koniag Government Services$75K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or related field, or equivalent experience
  • 3+ years in cybersecurity operations or security event monitoring within a SOC
  • Experience with SIEM platforms and security monitoring tools
  • Certifications such as CompTIA Security+, GIAC GSEC, or comparable
  • Strong written and verbal communication skills in English

Responsibilities

  • Monitor SBA networks, systems, and cloud environments for potential threats using security tools
  • Analyze and triage security alerts to determine incident validity and escalate as necessary
  • Support incident response activities, including containment and evidence preservation
  • Investigate security incidents by analyzing system logs and network traffic
  • Document SOC activities and security incidents in ticketing systems
  • Assist in developing SIEM detection rules and enhancing existing alerting thresholds
  • Support threat hunting and utilize external threat intelligence for proactive monitoring

Benefits

  • Health, dental, and vision insurance
  • 401(k) retirement plan with company match
  • Paid time off and holidays
  • Professional development and training opportunities
  • Flexible work hours and potential remote work options
Full Job Description
Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled Mid-Level Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is an experienced cybersecurity professional with a solid foundation in security event monitoring, threat detection, and incident response within a SOC environment. This individual will play an important role in protecting SBA's systems, networks, and data by actively monitoring for threats, analyzing security events, and supporting incident response activities in alignment with federal cybersecurity policies and SBA security requirements. The Mid-Level SOC Analyst will serve as an experienced cybersecurity operations professional responsible for monitoring, detecting, analyzing, and supporting the response to cybersecurity threats targeting SBA's enterprise IT environment. Working under the guidance of the Cybersecurity Operations Technical Lead and Senior Cyber Defense Analysts, this individual will contribute meaningfully to all aspects of SOC operations while continuing to develop and refine their technical skills and expertise. Principal responsibilities will include but are not limited to: - Perform continuous monitoring of SBA networks, systems, endpoints, and cloud environments using SIEM platforms, IDS/IPS tools, EDR solutions, and other security technologies to detect and identify potential threats, anomalies, and indicators of compromise. - Conduct analysis and triage of security events and alerts generated by SOC monitoring tools, determining the validity, scope, and severity of potential security incidents and escalating confirmed or suspected incidents to senior analysts and the Technical Lead in accordance with established procedures. - Support incident response activities, including initial containment actions, evidence preservation, and coordination with senior analysts and the Technical Lead during active security incidents, following SBA's incident response policies and NIST SP 800-61 guidelines. - Investigate security events and incidents by analyzing network traffic, system logs, endpoint telemetry, and other relevant data sources to identify the root cause, scope, and impact of potential security issues. - Document security events, incidents, and investigative findings accurately and thoroughly in SBA's ticketing and case management systems, maintaining detailed records of all SOC activities in accordance with established documentation standards. - Assist in the development and refinement of SIEM detection rules, correlation logic, and alerting thresholds under the guidance of senior analysts and the Technical Lead, contributing recommendations based on observed alert patterns and false positive analysis. - Support threat hunting activities by executing predefined hunt playbooks and assisting senior threat hunters in the identification of indicators of compromise and malicious activity within SBA's environment. - Monitor and analyze threat intelligence from government and commercial sources, including US-CERT, CISA, and relevant ISACs, to stay current on emerging threats and incorporate relevant intelligence into daily SOC monitoring and analysis activities. - Assist in the development and maintenance of SOC Standard Operating Procedures (SOPs), incident response playbooks, and runbooks, contributing updates and improvements based on operational experience and lessons learned. - Collaborate effectively with SBA IT teams, system owners, and other stakeholders to communicate security findings, support remediation coordination, and contribute to the improvement of SBA's overall security posture. - Support vulnerability management activities by reviewing and analyzing vulnerability scan results, assisting with the identification of high-priority vulnerabilities, and coordinating with system owners on remediation tracking and follow-up. - Participate in after-action reviews (AARs) and lessons learned sessions following significant security incidents, contributing observations and recommendations to improve SOC processes, procedures, and capabilities. - Prepare and contribute to the development of security incident reports, shift handover reports, and other SOC documentation, ensuring accuracy, completeness, and adherence to established reporting standards. - Participate in SOC team training activities, tabletop exercises, and professional development opportunities to continuously expand technical knowledge and skills in cybersecurity operations and threat analysis. - Ensure all SOC activities comply with applicable federal cybersecurity frameworks, policies, and regulations, including NIST, FISMA, and DHS/CISA directives and guidance. Education and Experience: Required: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university. - Relevant work experience may be considered in lieu of a degree. - 3+ years of experience in cybersecurity operations, security event monitoring, or a related field, with demonstrated experience working within a SOC or cyber defense environment. - Demonstrated experience working with SIEM platforms and security monitoring tools in an operational environment. - One or more of the following certifications: - CompTIA Security+ - CompTIA Cybersecurity Analyst (CySA+) - Certified SOC Analyst (CSA) - GIAC Security Essentials (GSEC) - GIAC Certified Incident Handler (GCIH) - Systems Security Certified Practitioner (SSCP) Desired: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. - 5+ years of cybersecurity operations experience, with a focus on SOC operations within a federal government or defense contracting environment. Required Skills and Competencies: - Strong communication skills in English - both written and oral - with the ability to clearly document and communicate security findings, incident details, and analytical results to both technical and non-technical audiences. - Solid understanding of security event monitoring, alert triage, and incident response processes and procedures within a SOC environment. - Working knowledge of SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar), including the ability to perform log searches, build basic queries, and analyze security event data to identify potential threats and anomalies. - Foundational knowledge of network security concepts, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and the ability to analyze basic network traffic patterns to identify potentially malicious activity - Experience working with endpoint detection and response (EDR) tools and the ability to investigate host-based security alerts and identify indicators of compromise on endpoints - Familiarity with the MITRE ATT&CK framework and the ability to apply ATT&CK tactics and techniques to the analysis and classification of security events and incidents. - Ability to conduct log analysis across common data sources, including Windows Event Logs, Syslog, and application logs, to support security event investigation and incident response activities. - Familiarity with threat intelligence concepts and the ability to leverage threat intelligence feeds and indicators of compromise (IOCs) to support security monitoring and analysis activities - Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, and FISMA, and their application to SOC operations within a federal environment - Ability to accurately document security events, incidents, and investigative findings in ticketing and case management systems in a clear, concise, and thorough manner. - Strong analytical and problem-solving skills with the ability to assess security alerts and events, identify patterns of potentially malicious activity, and escalate findings appropriately. - Ability to work effectively both independently and as part of a collaborative team in a fast-paced, mission-driven SOC environment, including the ability to manage multiple concurrent tasks and priorities - Ability to obtain and maintain a Public Trust Clearance. Desired Skills and Competencies: - Prior experience supporting SBA or other federal civilian agency SOC operations or cybersecurity programs. - Experience with cloud security monitoring in AWS, Azure, or GCP environments, including familiarity with cloud-native logging and monitoring services such as AWS CloudTrail, Azure Monitor, or Google Cloud Logging. - Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and basic scripting capabilities in Python or PowerShell to support the automation of routine SOC tasks and workflows. - Experience supporting vulnerability management activities, including working with vulnerability scanning tools such as Tenable Nessus, Qualys, or similar platforms. - Knowledge of Zero Trust Architecture (ZTA) principles and their implications for security monitoring and SOC operations within a federal IT environment. - Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their role in supporting federal civilian agency SOC operations. - Experience participating in incident response activities and contributing to after-action reviews and lessons learned processes. - Familiarity with digital forensics concepts and basic forensic investigation techniques to support the collection and preservation of digital evidence during incident response activities. - GIAC Security Operations Certified (GSOC) or GIAC Certified Enterprise Defender (GCED) certification. - Experience working within a FedRAMP authorized cloud environment and familiarity with FedRAMP security requirements as they relate to SOC monitoring and incident response activities.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Information Technology Jobs

Find similar Security Operations Center Analyst - Mid jobs: