SOC Analyst

Eliassen Group

Posted 3 days ago

Job Requirements

Washington, DC
Clearance: Secret
Polygraph: Unspecified
Career Level not specified
Salary not specified

Job Description

Description:
Hybrid 2 Days Onsite/3 Days Remote in Washington, DC

Our client seeks a SOC Analyst to support continuous monitoring, detection, analysis, and response to cybersecurity events across hybrid cloud and on-premises environments. The analyst will triage security alerts, investigate incidents, and ensure timely escalation and resolution aligned to incident response procedures. The role operates within a modern enterprise leveraging Splunk, Microsoft Sentinel, Microsoft Defender, and related platforms across M365 G5, cloud services, and enterprise applications. The position supports a 24x7 SOC model and partners with infrastructure, cloud, and application teams.

Due to client requirements, applicants must be willing and able to work on a W-2 basis. For our W-2 consultants, we offer a great benefits package that includes medical, dental, and vision benefits, a 401(k) with company matching, and life insurance.

Rate: $50.00 to $55.00/hr. W-2

Responsibilities:
  • Monitor security events and alerts generated by SIEM, EDR/XDR, and other security platforms.
  • Perform initial triage and analysis of alerts to determine severity, impact, and required response actions.
  • Identify false positives versus legitimate threats using defined use cases and threat intelligence.
  • Create, update, and manage incident tickets in systems such as Jira.
  • Escalate confirmed or high-risk incidents to appropriate Tier 2/3 analysts or incident response teams.
  • Support containment, eradication, and recovery efforts in coordination with cybersecurity teams.
  • Utilize Splunk and Microsoft Sentinel for log analysis, correlation, and event investigation.
  • Assist in tuning SIEM alerts and dashboards to improve detection capabilities and reduce noise.
  • Contribute to log onboarding, data normalization, and use case development.
  • Analyze alerts from EDR/XDR solutions such as Microsoft Defender.
  • Monitor identity-related risks across platforms including Okta, Entra ID, and Privileged Identity Management.
  • Investigate suspicious authentication patterns, privilege escalations, and anomalous behavior.
  • Review and support findings from vulnerability management tools such as Rapid7 InsightVM and Veracode.
  • Validate and correlate vulnerabilities with active threats or incidents and coordinate remediation tracking.
  • Document incident details, investigation steps, and resolution actions per security policies.
  • Maintain accurate reporting within ticketing and knowledge management systems such as Jira and Confluence.
  • Contribute to incident reports, after-action reviews, and audit artifacts.

Experience Requirements:
  • Hands-on experience with security monitoring and alert triage.
  • Experience with incident ticketing, tracking, and escalation processes.
  • Proficiency with SIEM platforms such as Splunk and/or Microsoft Sentinel.
  • Experience with EDR/XDR tools, including Microsoft Defender.
  • Experience with security event documentation and reporting.
  • Familiarity with enterprise IT environments spanning on-premises and cloud infrastructures.
  • Preferred: Experience with Microsoft 365 G5, Okta, Entra ID, CyberArk, Rapid7 InsightVM, Device42, and Veracode.
  • Preferred: Exposure to AWS, hybrid architectures, GRC tools such as Xacta, and enterprise platforms such as Appian or Oracle.
  • Preferred: Experience working with formal incident response frameworks and playbooks.

Education Requirements:
  • Bachelor's degree in Cybersecurity, Information Technology, or related field, or equivalent experience.
  • Relevant certifications such as CompTIA Security+, GIAC (GSEC, GCIA, etc.), or Microsoft Security certifications.
