Job Requirements
Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Security Operations Center Analyst - Mid to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled Mid-Level Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is an experienced cybersecurity professional with a solid foundation in security event monitoring, threat detection, and incident response within a SOC environment. This individual will play an important role in protecting SBA's systems, networks, and data by actively monitoring for threats, analyzing security events, and supporting incident response activities in alignment with federal cybersecurity policies and SBA security requirements.
The Mid-Level SOC Analyst will serve as an experienced cybersecurity operations professional responsible for monitoring, detecting, analyzing, and supporting the response to cybersecurity threats targeting SBA's enterprise IT environment. Working under the guidance of the Cybersecurity Operations Technical Lead and Senior Cyber Defense Analysts, this individual will contribute meaningfully to all aspects of SOC operations while continuing to develop and refine their technical skills and expertise.
Principal responsibilities will include but are not limited to:
Education and Experience:
Required:
Desired:
Required Skills and Competencies:
Desired Skills and Competencies:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled Mid-Level Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is an experienced cybersecurity professional with a solid foundation in security event monitoring, threat detection, and incident response within a SOC environment. This individual will play an important role in protecting SBA's systems, networks, and data by actively monitoring for threats, analyzing security events, and supporting incident response activities in alignment with federal cybersecurity policies and SBA security requirements.
The Mid-Level SOC Analyst will serve as an experienced cybersecurity operations professional responsible for monitoring, detecting, analyzing, and supporting the response to cybersecurity threats targeting SBA's enterprise IT environment. Working under the guidance of the Cybersecurity Operations Technical Lead and Senior Cyber Defense Analysts, this individual will contribute meaningfully to all aspects of SOC operations while continuing to develop and refine their technical skills and expertise.
Principal responsibilities will include but are not limited to:
- Perform continuous monitoring of SBA networks, systems, endpoints, and cloud environments using SIEM platforms, IDS/IPS tools, EDR solutions, and other security technologies to detect and identify potential threats, anomalies, and indicators of compromise.
- Conduct analysis and triage of security events and alerts generated by SOC monitoring tools, determining the validity, scope, and severity of potential security incidents and escalating confirmed or suspected incidents to senior analysts and the Technical Lead in accordance with established procedures.
- Support incident response activities, including initial containment actions, evidence preservation, and coordination with senior analysts and the Technical Lead during active security incidents, following SBA's incident response policies and NIST SP 800-61 guidelines.
- Investigate security events and incidents by analyzing network traffic, system logs, endpoint telemetry, and other relevant data sources to identify the root cause, scope, and impact of potential security issues.
- Document security events, incidents, and investigative findings accurately and thoroughly in SBA's ticketing and case management systems, maintaining detailed records of all SOC activities in accordance with established documentation standards.
- Assist in the development and refinement of SIEM detection rules, correlation logic, and alerting thresholds under the guidance of senior analysts and the Technical Lead, contributing recommendations based on observed alert patterns and false positive analysis.
- Support threat hunting activities by executing predefined hunt playbooks and assisting senior threat hunters in the identification of indicators of compromise and malicious activity within SBA's environment.
- Monitor and analyze threat intelligence from government and commercial sources, including US-CERT, CISA, and relevant ISACs, to stay current on emerging threats and incorporate relevant intelligence into daily SOC monitoring and analysis activities.
- Assist in the development and maintenance of SOC Standard Operating Procedures (SOPs), incident response playbooks, and runbooks, contributing updates and improvements based on operational experience and lessons learned.
- Collaborate effectively with SBA IT teams, system owners, and other stakeholders to communicate security findings, support remediation coordination, and contribute to the improvement of SBA's overall security posture.
- Support vulnerability management activities by reviewing and analyzing vulnerability scan results, assisting with the identification of high-priority vulnerabilities, and coordinating with system owners on remediation tracking and follow-up.
- Participate in after-action reviews (AARs) and lessons learned sessions following significant security incidents, contributing observations and recommendations to improve SOC processes, procedures, and capabilities.
- Prepare and contribute to the development of security incident reports, shift handover reports, and other SOC documentation, ensuring accuracy, completeness, and adherence to established reporting standards.
- Participate in SOC team training activities, tabletop exercises, and professional development opportunities to continuously expand technical knowledge and skills in cybersecurity operations and threat analysis.
- Ensure all SOC activities comply with applicable federal cybersecurity frameworks, policies, and regulations, including NIST, FISMA, and DHS/CISA directives and guidance.
Education and Experience:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
- Relevant work experience may be considered in lieu of a degree.
- 3+ years of experience in cybersecurity operations, security event monitoring, or a related field, with demonstrated experience working within a SOC or cyber defense environment.
- Demonstrated experience working with SIEM platforms and security monitoring tools in an operational environment.
- One or more of the following certifications:
- CompTIA Security+
- CompTIA Cybersecurity Analyst (CySA+)
- Certified SOC Analyst (CSA)
- GIAC Security Essentials (GSEC)
- GIAC Certified Incident Handler (GCIH)
- Systems Security Certified Practitioner (SSCP)
Desired:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 5+ years of cybersecurity operations experience, with a focus on SOC operations within a federal government or defense contracting environment.
Required Skills and Competencies:
- Strong communication skills in English - both written and oral - with the ability to clearly document and communicate security findings, incident details, and analytical results to both technical and non-technical audiences.
- Solid understanding of security event monitoring, alert triage, and incident response processes and procedures within a SOC environment.
- Working knowledge of SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar), including the ability to perform log searches, build basic queries, and analyze security event data to identify potential threats and anomalies.
- Foundational knowledge of network security concepts, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and the ability to analyze basic network traffic patterns to identify potentially malicious activity
- Experience working with endpoint detection and response (EDR) tools and the ability to investigate host-based security alerts and identify indicators of compromise on endpoints
- Familiarity with the MITRE ATT&CK framework and the ability to apply ATT&CK tactics and techniques to the analysis and classification of security events and incidents.
- Ability to conduct log analysis across common data sources, including Windows Event Logs, Syslog, and application logs, to support security event investigation and incident response activities.
- Familiarity with threat intelligence concepts and the ability to leverage threat intelligence feeds and indicators of compromise (IOCs) to support security monitoring and analysis activities
- Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, and FISMA, and their application to SOC operations within a federal environment
- Ability to accurately document security events, incidents, and investigative findings in ticketing and case management systems in a clear, concise, and thorough manner.
- Strong analytical and problem-solving skills with the ability to assess security alerts and events, identify patterns of potentially malicious activity, and escalate findings appropriately.
- Ability to work effectively both independently and as part of a collaborative team in a fast-paced, mission-driven SOC environment, including the ability to manage multiple concurrent tasks and priorities
- Ability to obtain and maintain a Public Trust Clearance.
Desired Skills and Competencies:
- Prior experience supporting SBA or other federal civilian agency SOC operations or cybersecurity programs.
- Experience with cloud security monitoring in AWS, Azure, or GCP environments, including familiarity with cloud-native logging and monitoring services such as AWS CloudTrail, Azure Monitor, or Google Cloud Logging.
- Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and basic scripting capabilities in Python or PowerShell to support the automation of routine SOC tasks and workflows.
- Experience supporting vulnerability management activities, including working with vulnerability scanning tools such as Tenable Nessus, Qualys, or similar platforms.
- Knowledge of Zero Trust Architecture (ZTA) principles and their implications for security monitoring and SOC operations within a federal IT environment.
- Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their role in supporting federal civilian agency SOC operations.
- Experience participating in incident response activities and contributing to after-action reviews and lessons learned processes.
- Familiarity with digital forensics concepts and basic forensic investigation techniques to support the collection and preservation of digital evidence during incident response activities.
- GIAC Security Operations Certified (GSOC) or GIAC Certified Enterprise Defender (GCED) certification.
- Experience working within a FedRAMP authorized cloud environment and familiarity with FedRAMP security requirements as they relate to SOC monitoring and incident response activities.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473