Posted today
Public Trust
Early Career (2+ yrs experience)
Unspecified
No Traveling
IT - Security
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is hiring a Cyber Operations Analyst (SOC Threat Management) to support 24x7 operations in a large Federal agency Cyber Security Operations Center (CSOC). This role focuses on advanced cyber threat monitoring & detection, incident analysis, and leveraging AI/ML and automation to enhance SOC efficiency. The ideal candidate will have strong expertise in network traffic analysis, cyber threat intelligence analysis, and hands-on experience with modern security tools and cloud environments.
This shift-based position offers REMOTE work flexibility with a schedule of Monday – Friday, 11:30 PM – 07:30 AM ET. Qualified candidates will be U.S. Citizens and located in the United States, able to achieve Public Trust security vetting approval.
What You’ll Do:
+Support 24x7 monitoring, detection, and management of advanced cyber threats.
+Perform deep-dive incident analysis by correlating data from multiple sources to determine impact on critical systems or datasets.
+Execute operational processes in support of response efforts to identified security incidents.
+Analyze network traffic to identify exploit or intrusion attempts, and recommend, implement, and tune detection mechanisms.
+Provide subject matter expertise on network-based attacks, intrusion methodologies, and threat management.
+Escalate complex incidents for further investigation and collaborate with other Threat Management team members.
+Utilize AI/ML-based tools to detect anomalies, automate triage, and improve threat intelligence.
+Conduct threat intelligence analysis to assess risk and adapt defenses using ML-enhanced tools.
+Manage email security using ProofPoint and respond promptly to threats.
+Configure and optimize Splunk for log analysis, alerting, and incident investigation.
+Deploy and monitor SentinelOne agents, FirePower detection rules and configurations, and enforce robust security measures.
+Monitor and respond to alerts across platforms including Microsoft Defender XDR, Defender for Endpoint, Defender for Office 365, Azure Entra ID, and Google Cloud SCC.
+Tune security policies, maintain visibility into cloud and endpoint environments, and support continuous improvement of security posture.
+Identify and implement automation use cases leveraging AI/ML and SOAR capabilities.
+Stay current on cybersecurity trends, threat actors, and AI/ML advancements relevant to SOC operations.
Who You Are:
--> Experienced in cyber/IT security with at least 3+ years in cybersecurity/SOC analysis and operations.
--> Familiarity with Artificial Intelligence / Machine Learning (AI/ML) capabilities, and their application to cyber analysis and SOC operations.
--> Skilled in network traffic analysis and threat detection methodologies.
--> Strong understanding of Boolean logic, TCP/IP fundamentals, network-level exploits, and IDS/IPS technologies.
--> Familiar with control frameworks, risk management techniques, and cloud security (AWS, Azure, GCP).
--> Hands-on experience with cybersecurity automation and SOAR platforms.
--> Proficient in using ML frameworks for anomaly detection, threat intelligence, and behavioral analysis.
Excellent communication, organizational, and interpersonal skills.
Preferred Skills:
>> Experience with Splunk, ProofPoint, Cisco FirePower, SentinelOne, and Microsoft Defender suite.
>> Expertise with IDS/IPS architectures, signature creation, and anomaly-based detection.
>> Strong data analysis and feature engineering skills for ML-based security models.
>> Direct experience with AI/ML applications in SOC environments, including automated threat detection and predictive analytics.
Required Education + Experience:
-- BA/BS in Computer Science, IT, or related field (or equivalent experience).
-- 3+ years of direct experience in cybersecurity and SOC analysis & operations
Certifications (desired, or similar):
--GIAC Certified Enterprise Defender (GCED)
--GIAC Certified Intrusion Analyst (GCIA)
--GIAC Certified Detection Analyst (GCDA)
--GIAC Certified Incident Handler (GCIH)
--GIAC Defending Advanced Threats (GDAT)
--GIAC Security Operations Certified (GSOC)
--Certified Information Systems Security Professional (CISSP)
Security Clearance/Vetting: U.S. Citizenship required
Ability to obtain Public Trust clearance
WORK SCHEDULE: Monday–Friday, 11:30 PM – 7:30 AM ET
WORK LOCATION: Remote
DAYS OFF: Saturday and Sunday
TRAVEL: N/A
TELEWORK ELIGIBILITY: Yes
SECURITY REQUIREMENTS: Public Trust
Who We Are:
phia LLC ("phia") is a Northern Virginia based, small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits to enhance work-life balance, including the following:
>>> Medical Insurance
>>> Dental Insurance
>>> Vision Insurance
>>> Life Insurance
>>> Short Term & Long Term Disability
>>> 401k Retirement Savings Plan with Company Match
>>> Paid Holidays
>>> Paid Time Off (PTO)
>>> Tuition and Professional Development Assistance
phia is hiring a Cyber Operations Analyst (SOC Threat Management) to support 24x7 operations in a large Federal agency Cyber Security Operations Center (CSOC). This role focuses on advanced cyber threat monitoring & detection, incident analysis, and leveraging AI/ML and automation to enhance SOC efficiency. The ideal candidate will have strong expertise in network traffic analysis, cyber threat intelligence analysis, and hands-on experience with modern security tools and cloud environments.
This shift-based position offers REMOTE work flexibility with a schedule of Monday – Friday, 11:30 PM – 07:30 AM ET. Qualified candidates will be U.S. Citizens and located in the United States, able to achieve Public Trust security vetting approval.
What You’ll Do:
+Support 24x7 monitoring, detection, and management of advanced cyber threats.
+Perform deep-dive incident analysis by correlating data from multiple sources to determine impact on critical systems or datasets.
+Execute operational processes in support of response efforts to identified security incidents.
+Analyze network traffic to identify exploit or intrusion attempts, and recommend, implement, and tune detection mechanisms.
+Provide subject matter expertise on network-based attacks, intrusion methodologies, and threat management.
+Escalate complex incidents for further investigation and collaborate with other Threat Management team members.
+Utilize AI/ML-based tools to detect anomalies, automate triage, and improve threat intelligence.
+Conduct threat intelligence analysis to assess risk and adapt defenses using ML-enhanced tools.
+Manage email security using ProofPoint and respond promptly to threats.
+Configure and optimize Splunk for log analysis, alerting, and incident investigation.
+Deploy and monitor SentinelOne agents, FirePower detection rules and configurations, and enforce robust security measures.
+Monitor and respond to alerts across platforms including Microsoft Defender XDR, Defender for Endpoint, Defender for Office 365, Azure Entra ID, and Google Cloud SCC.
+Tune security policies, maintain visibility into cloud and endpoint environments, and support continuous improvement of security posture.
+Identify and implement automation use cases leveraging AI/ML and SOAR capabilities.
+Stay current on cybersecurity trends, threat actors, and AI/ML advancements relevant to SOC operations.
Who You Are:
--> Experienced in cyber/IT security with at least 3+ years in cybersecurity/SOC analysis and operations.
--> Familiarity with Artificial Intelligence / Machine Learning (AI/ML) capabilities, and their application to cyber analysis and SOC operations.
--> Skilled in network traffic analysis and threat detection methodologies.
--> Strong understanding of Boolean logic, TCP/IP fundamentals, network-level exploits, and IDS/IPS technologies.
--> Familiar with control frameworks, risk management techniques, and cloud security (AWS, Azure, GCP).
--> Hands-on experience with cybersecurity automation and SOAR platforms.
--> Proficient in using ML frameworks for anomaly detection, threat intelligence, and behavioral analysis.
Excellent communication, organizational, and interpersonal skills.
Preferred Skills:
>> Experience with Splunk, ProofPoint, Cisco FirePower, SentinelOne, and Microsoft Defender suite.
>> Expertise with IDS/IPS architectures, signature creation, and anomaly-based detection.
>> Strong data analysis and feature engineering skills for ML-based security models.
>> Direct experience with AI/ML applications in SOC environments, including automated threat detection and predictive analytics.
Required Education + Experience:
-- BA/BS in Computer Science, IT, or related field (or equivalent experience).
-- 3+ years of direct experience in cybersecurity and SOC analysis & operations
Certifications (desired, or similar):
--GIAC Certified Enterprise Defender (GCED)
--GIAC Certified Intrusion Analyst (GCIA)
--GIAC Certified Detection Analyst (GCDA)
--GIAC Certified Incident Handler (GCIH)
--GIAC Defending Advanced Threats (GDAT)
--GIAC Security Operations Certified (GSOC)
--Certified Information Systems Security Professional (CISSP)
Security Clearance/Vetting: U.S. Citizenship required
Ability to obtain Public Trust clearance
WORK SCHEDULE: Monday–Friday, 11:30 PM – 7:30 AM ET
WORK LOCATION: Remote
DAYS OFF: Saturday and Sunday
TRAVEL: N/A
TELEWORK ELIGIBILITY: Yes
SECURITY REQUIREMENTS: Public Trust
Who We Are:
phia LLC ("phia") is a Northern Virginia based, small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits to enhance work-life balance, including the following:
>>> Medical Insurance
>>> Dental Insurance
>>> Vision Insurance
>>> Life Insurance
>>> Short Term & Long Term Disability
>>> 401k Retirement Savings Plan with Company Match
>>> Paid Holidays
>>> Paid Time Off (PTO)
>>> Tuition and Professional Development Assistance
group id: 10502585
