Job Requirements
Herndon, VA
Clearance: Secret (polygraph not specified)
Early Career (2+ yrs experience)
$82,000 - $85,000
Job Description
For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues. We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space.
Karthik Consulting is seeking a Mid-Level SOC Analyst with the below skillset.
Mid-Level SOC Analyst
Fulltime with Karthik Consulting
Location: Herndon, VA
Clearance: Secret and above
Salary: $82,000 - $85,000 per year
Years of experience: Minimum 3 years of experience with a bachelor's degree
Program Description
The position requires an on-site shift work schedule (6 AM - 6 PM) with the following structure:
• Long Weeks (Wednesday – Saturday): 4 days on shift (3x 12-hour shifts, 1x 8-hour shift) totaling 44 hours.
• Short Weeks (Thursday – Saturday): 3 days on shift (3x 12-hour shifts) totaling 36 hours.
• Total: 80 hours every two weeks.
Program Scope
The Security Analyst will monitor and analyze security events and alerts reported by the TSA SIEM on a 24x7x365 basis to identify and investigate suspicious or malicious activity, or other cyber events which violate TSA policy. The analyst will be responsible for analyzing logs and events from any other device types which may send logs or events to the TSA SOC in the future. Non-traditional device feeds will deliver data to the SIEM architecture (e.g., Human Resources (HR) data, badging information, and physical security devices, etc.). The analyst will provide documentation detailing any additional information collected and maintained for each security investigation. The analyst will record all artifacts (i.e. emails, logs, documents, Uniform Resource Locators (URLs), screenshots, etc.) associated with all security events and incident investigations within the TSA SOC incident and tracking application.
Required Skills
• At least 3 years of experience working in a Security Operations Center (SOC) or Network Operations Center (NOC) environment performing security event monitoring and analysis.
• Experience using SIEM and EDR technologies to support investigations.
• Incident response framework knowledge and experience.
• Working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks.
• Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Must be capable of analyzing security logs and events from device types such as, but not limited to, firewalls (FWs) and intrusion detection systems (IDS).
Preferred Skills & Experience
• Experience with SIEM platforms and basic log analysis/querying.
• Experience opening and managing tickets in a case/incident tracking system (Archer, ServiceNow, Remedy, or similar).
• Understanding of basic adversary tactics and common indicators of compromise.
• Prior exposure to vulnerability scan data or endpoint security tools (e.g., Nessus, Tanium).
• Strong written and verbal communication skills with the ability to produce clear, concise case notes.
• Ability to work effectively in a 24×7×365 shift environment.
Key Responsibilities
• Monitor and analyze security events and alerts in the TSA SIEM on a 24×7×365 basis to identify suspicious or malicious activity.
• Proficient in Splunk, including hands-on experience writing queries using SPL.
• Open cases in the TSA SOC incident tracking application within 15 minutes of detecting critical/high events.
• Open cases in the TSA SOC incident tracking application within 60 minutes of detecting medium events.
• Open cases in the TSA SOC incident tracking application within 4 hours of detecting low events.
• Collect and document minimum incident details (date/time, description, impacted devices, severity, etc.) and record all associated artifacts to support investigations.
• Escalate confirmed incidents to the TSA CSIRT/CSWO team and IT management per established SOPs, ensuring documented hand-offs.
• Report security event feed outages or tool issues.
• Support After Action Reports (AARs) for significant cases and contribute to the SOC knowledge base (SharePoint).
• Maintain accurate audit trails and records in accordance with TSA records management policies.
Qualifications
Education
• Minimum Requirement: Bachelor’s degree in Cybersecurity, IT, or related field preferred.
• Minimum Experience: 3 years of experience in a Security Operations Center (SOC), Network Operations Center (NOC), or IT/help-desk environment with exposure to security monitoring.
Professional Certifications
• CompTIA Security+ (or equivalent DoD 8570/8140-compliant certification) required or must be obtained within 6 months of start.