Job Requirements
Huntsville, AL
Clearance: Top Secret (Polygraph not specified)
Career Level: not specified
$75,000 - $90,000
Job Description
Senior SOC Watchfloor Analyst – Top Secret / TS/SCI
Overview
We are seeking a Senior SOC Watchfloor Analyst to support a high-visibility, mission-critical cybersecurity operations environment. This role is focused on real-time monitoring, threat detection, and incident response within a 24/7 Security Operations Center (SOC).
The ideal candidate brings deep experience in SOC operations, cyber defense, incident response, and SIEM analysis, along with the ability to lead watchfloor activities and support enterprise-scale cybersecurity operations.
Key Responsibilities
Lead real-time SOC watchfloor operations, including continuous monitoring and alert triage across enterprise systems
Analyze and investigate security events, alerts, and anomalies using SIEM platforms (e.g., Splunk, QRadar, ELK)
Perform event correlation across multiple data sources (network traffic, logs, endpoints, cloud environments) to identify threat activity
Detect, analyze, and escalate cybersecurity incidents, intrusions, and suspicious activity
Support and lead incident response activities, including containment, eradication, and recovery
Conduct threat hunting and forensic analysis to identify root cause and scope of incidents
Document and communicate incident timelines, impact analysis, and remediation actions
Provide watchfloor leadership, mentoring junior analysts and coordinating activities across shifts
Develop and tune SIEM correlation rules, alerts, and dashboards
Generate reports and provide briefings to stakeholders on threats, trends, and operational status
Collaborate with cross-functional teams on vulnerability remediation and system hardening efforts
Required Qualifications
Bachelor's Degree
Active Top Secret clearance (TS/SCI strongly preferred)
8+ years of experience in Security Operations Center (SOC), cyber defense, or incident response roles
Proven experience with SIEM platforms (Splunk, QRadar, Elastic, etc.)
Strong knowledge of:
Network protocols (TCP/IP), OSI model, and network traffic analysis
Threat detection and incident response methodologies
Log aggregation and analysis across enterprise systems
Experience performing multi-source event correlation and threat analysis
Familiarity with:
NIST 800-61 (Incident Response)
MITRE ATT&CK framework
Ability to operate in a fast-paced, 24/7 operational environment (shift work required)
Preferred Qualifications
Experience in watchfloor or shift lead roles within a SOC environment
Hands-on experience with:
Endpoint Detection & Response (EDR/XDR) tools
Vulnerability scanning tools (Tenable, Nessus, ACAS)
Cloud security monitoring (AWS, Azure, GCP)
Background in digital forensics, malware analysis, or threat intelligence
Scripting or automation experience (Python, PowerShell, Bash)
Certifications:
Security+, CySA+, CASP+, CEH, GCIH, GCIA, CISSP
Core Competencies
Strong analytical and problem-solving skills
Ability to make real-time decisions during active incidents
Excellent written and verbal communication skills
Experience delivering technical findings to leadership and stakeholders
Ability to work effectively in team-oriented, mission-driven environments
Work Environment
24/7 SOC operations (day/night/weekend shifts)
High-tempo environment supporting enterprise cybersecurity operations
On-site or hybrid depending on program requirements
We offer roles across all three clearance levels: Confidential, Secret and Top Secret. With a Top Secret Facilities clearance, a proven subcontractor track record and a deep understanding of agencies across Defense, Intelligence, Homeland, Justice and Federal Civilian Sectors, Kforce brings more than 20 years of experience to supporting critical missions at federal, state and local levels.