Public Trust
Senior Level Career (10+ yrs experience)
$96,000 - $108,000
No Traveling
IT - Security
Morrisville, NC (On-Site/Office)
Position Title: Threat Management Specialist (Tier 2 SOC Analyst)
Location: Morrisville, NC
Clearance Requirements: Public Trust (Ability to Obtain)
Position Status: Full-Time | Contract
Pay Rate: Competitive, based on qualifications
________________________________________
Position Description:
We are seeking Threat Management Specialists (Tier 2) to support a 24x7 Cyber Security Operations Center (CSOC). In this role, you will perform advanced incident analysis, threat detection, and response activities by correlating data across network, endpoint, cloud, and email security platforms.
Tier 2 Analysts serve as escalation points for Tier 1, perform deep-dive investigations, and provide subject matter expertise in network-based attacks, intrusion methodologies, and threat intelligence. You will also contribute to the continuous improvement of SOC operations through automation, SOAR, and AI/ML-driven detection capabilities.
This position is ideal for security analysts who enjoy hands-on investigation, technical problem-solving, and applying modern security tooling to real-world threats.
________________________________________
Shift Details (Multiple Openings):
Position 1
• Hours: 3:30 PM – 11:30 PM ET
• Days Off: Tuesday & Wednesday
Position 2
• Hours: 11:30 PM – 7:30 AM ET
• Days Off: Saturday & Sunday
________________________________________
Key Responsibilities:
• Perform Tier 2 incident analysis by correlating alerts, logs, and telemetry from multiple security platforms
• Analyze network traffic to identify intrusions, exploits, and anomalous behavior
• Investigate and respond to security incidents using established playbooks and SOPs
• Provide subject matter expertise on network-based attacks, IDS/IPS, and intrusion techniques
• Recommend and tune detection mechanisms for exploits and malicious activity
• Escalate complex or high-impact incidents to senior threat management or response teams
• Execute response actions and advise on containment and remediation strategies
• Leverage AI/ML-based tools to improve detection accuracy, automate triage, and enhance threat intelligence
• Analyze and operationalize threat intelligence to assess risk and adapt defenses
• Manage and respond to email-based threats using Proofpoint
• Configure and investigate security events using Splunk, including alert creation and log analysis
• Monitor and analyze network activity using Cisco Firepower
• Deploy and manage SentinelOne agents and investigate endpoint alerts
• Monitor and respond to alerts across platforms such as:
  ◦ Microsoft Defender XDR (Endpoint, Office 365, Cloud Apps)
  ◦ Azure Entra ID
  ◦ Google Cloud Security Command Center (SCC)
• Support SOC automation and SOAR initiatives, identifying opportunities to improve efficiency and response times
• Stay current on emerging threats, threat actors, and cybersecurity trends
________________________________________
Required Skills & Education:
• 8–12 years of relevant cybersecurity or IT security experience
• Bachelor’s degree in a related field (or equivalent experience in lieu of degree)
• 3+ years of IT security experience, with exposure to AI/ML or automation initiatives
• 2+ years of hands-on network traffic analysis experience
• Strong understanding of:
  ◦ TCP/IP fundamentals
  ◦ Network-level exploits and intrusion techniques
  ◦ IDS/IPS architectures, signatures, and anomaly-based detection
  ◦ Threat management and incident response workflows
• Experience with cloud security platforms (AWS, Azure, and/or GCP)
• Hands-on experience with SOAR platforms and security automation
• Familiarity with applying AI/ML techniques in a SOC environment, including:
  ◦ Anomaly detection
  ◦ Automated threat detection
  ◦ Incident response automation
  ◦ Behavioral analytics
• Experience working with large datasets (logs, network traffic) for analysis and feature extraction
• Strong communication, documentation, and collaboration skills
• Ability to work independently and make sound decisions in a high-tempo environment
________________________________________
Preferred Certifications:
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Essentials (GSEC)
• CISSP or SSCP