user avatar

Security Operations Center Analyst - High

Koniag Government Services

Posted today

Job Requirements

Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Security Operations Center Analyst - High to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking a highly skilled and experienced Senior Security Operations Center (SOC) Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with extensive experience in advanced security operations, threat detection, and incident response within complex federal government IT environments. This individual will serve as a senior technical resource within SBA's SOC, providing expert-level analysis, mentorship to junior analysts, and close collaboration with the Cybersecurity Operations Technical Lead to protect SBA's enterprise IT environment from sophisticated and evolving cyber threats.

The Senior SOC Analyst will serve as an advanced-level cybersecurity operations professional within SBA's Security Operations Center, providing expert threat detection, in-depth security event analysis, and incident response leadership while mentoring junior and mid-level SOC staff and driving continuous improvement of SOC capabilities and processes.

Principal responsibilities will include but are not limited to:
  • Perform advanced, continuous monitoring and analysis of security alerts and events generated by SBA's SIEM platform, IDS/IPS systems, endpoint detection and response (EDR) tools, and other security monitoring technologies, applying expert-level analytical skills to accurately detect, classify, and prioritize security incidents and threats targeting SBA's enterprise environment.
  • Lead and conduct in-depth investigation and analysis of complex security incidents, applying advanced knowledge of threat actor TTPs, attack methodologies, and the MITRE ATT&CK framework to determine incident scope, root cause, and full impact, and driving incident response activities through to successful resolution.
  • Serve as a senior escalation point for security incidents and complex alerts escalated by junior and mid-level SOC analysts, providing expert technical guidance, mentorship, and decision support to ensure timely and effective incident triage, escalation, and response.
  • Lead and support incident response activities for significant security incidents affecting SBA's enterprise environment, coordinating containment, eradication, recovery, and post-incident review activities in accordance with SBA's incident response policies and NIST SP 800-61 guidelines, and communicating incident status and findings to the Cybersecurity Operations Technical Lead and SBA leadership.
  • Conduct advanced log analysis and correlation across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, firewall logs, web proxy logs, EDR telemetry, and application logs, to reconstruct attack timelines, identify malicious activity patterns, and develop actionable intelligence to support incident response and detection improvement activities.
  • Develop, tune, and optimize SIEM detection rules, correlation logic, alert thresholds, and dashboards to improve the accuracy and effectiveness of SBA's threat detection capabilities, reduce false positive rates, and enhance SOC analyst efficiency
  • Perform advanced threat hunting activities, proactively searching SBA's enterprise environment for hidden threats, indicators of compromise (IOCs), and adversary TTPs using the MITRE ATT&CK framework, threat intelligence feeds, and advanced analytical techniques to identify malicious activity that has evaded automated detection.
  • Analyze and operationalize threat intelligence from government and commercial sources, including US-CERT, CISA, ISACs, and commercial threat intelligence platforms, to identify relevant threats, update detection capabilities, and prioritize SOC monitoring and response activities based on current threat landscape intelligence.
  • Develop high-quality incident reports, after-action reviews (AARs), threat analysis reports, and technical documentation capturing incident timelines, root cause analysis, findings, and actionable remediation recommendations, tailored to both technical and non-technical SBA audiences.
  • Support and contribute to vulnerability management activities, providing expert analysis of vulnerability scan results, assessing real-world exploitability and risk, and advising on remediation prioritization strategies to support timely and effective vulnerability remediation across SBA's system portfolio.
  • Develop, review, and maintain SOC Standard Operating Procedures (SOPs), incident response playbooks, runbooks, and knowledge base articles, ensuring all SOC operational documentation remains current, accurate, and reflective of evolving threats and best practices.
  • Provide active mentorship, technical guidance, and on-the-job training to junior and mid-level SOC analysts, contributing to professional development, knowledge sharing, and the overall elevation of SOC team capability and performance.
  • Support the planning and execution of purple team exercises and tabletop scenarios, collaborating with the blue team and penetration testing staff to validate and improve SBA's detection and response capabilities against realistic attack scenarios.
  • Coordinate with SBA IT teams, system owners, and other cybersecurity program staff to communicate SOC findings, support remediation activities, and provide technical recommendations to enhance the overall security posture of SBA's enterprise environment.
  • Contribute to the continuous improvement of SOC processes, tools, technologies, and operational metrics, identifying opportunities to enhance detection effectiveness, response efficiency, and overall SOC performance.

Education and Experience:

Required:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • 6+ years of progressive experience in cybersecurity operations, with at least 3 years in a senior SOC analyst, lead analyst, or equivalent advanced-level role within a SOC or cyber defense environment.
  • Demonstrated experience supporting security operations and incident response within a federal government or large enterprise IT environment.
  • One or more of the following certifications:
  • GIAC Security Operations Certified (GSOC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified SOC Analyst (CSA)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Cybersecurity Analyst (CySA+)

Desired:
  • Master's degree in Cybersecurity, Information Assurance, or a related field.
  • 8+ years of cybersecurity operations experience, with a strong background supporting federal government or defense contracting SOC programs.
  • Prior experience supporting SBA or other federal civilian agency SOC programs.

Required Skills and Competencies:
  • Exceptional communication skills in English - both written and oral - with the ability to clearly articulate complex security findings, incident details, threat analysis results, and technical recommendations to both technical and non-technical audiences, including senior SBA leadership and government stakeholders.
  • Advanced expertise in security event monitoring, threat detection, and incident response operations within a SOC environment, with demonstrated ability to independently manage complex security incidents from initial detection through post-incident review.
  • Advanced proficiency with SIEM platforms, including Splunk, Microsoft Sentinel, ArcSight, or equivalent, with demonstrated experience developing and tuning detection rules, correlation logic, dashboards, and advanced queries to support threat detection and investigation activities.
  • Expert-level log analysis skills, with the ability to analyze and correlate security-relevant data across diverse log sources, including Windows Event Logs, Syslog, cloud platform logs, network device logs, and application logs, to reconstruct attack timelines and identify malicious activity.
  • Advanced knowledge of network security concepts and protocols, including TCP/IP, DNS, HTTP/S, and demonstrated ability to analyze network traffic and packet captures using tools such as Wireshark, Zeek, or equivalent to support incident investigation and threat hunting activities.
  • Deep proficiency with endpoint detection and response (EDR) platforms, with demonstrated ability to leverage EDR telemetry for advanced threat detection, incident investigation, and threat hunting activities across Windows and Linux endpoint environments.
  • Demonstrated expertise in applying the MITRE ATT&CK framework to threat detection, threat hunting, incident analysis, and detection engineering activities, with the ability to map observed adversary behaviors to ATT&CK techniques and inform detection improvement efforts.
  • Strong experience operationalizing threat intelligence from multiple government and commercial sources to enhance SOC detection capabilities, prioritize monitoring activities, and support incident response efforts.
  • Experience developing high-quality incident reports, after-action reviews, SOC operational reports, and technical briefings, with the ability to communicate complex findings and recommendations clearly and effectively.
  • Demonstrated ability to mentor and provide technical guidance to junior and mid-level SOC analysts, contributing to team capability development and knowledge sharing within a SOC environment.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and applicable CISA guidance, and their implications for SOC operations within a federal civilian agency environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency SOC programs, with demonstrated knowledge of SBA's mission, IT environment, and cybersecurity monitoring and response requirements.
  • Advanced experience with cloud security monitoring and operations in AWS, Azure, or GCP environments, including deep familiarity with cloud-native security tools, logging capabilities, and threat detection methodologies for cloud-hosted workloads and services.
  • Experience with Security Orchestration, Automation, and Response (SOAR) platforms and proficiency in scripting languages such as Python, PowerShell, or Bash to develop automated detection, triage, and response workflows that enhance SOC efficiency and effectiveness.
  • Experience conducting digital forensics and malware analysis activities to support incident response investigations, including memory forensics, disk forensics, and basic static and dynamic malware analysis techniques
  • Knowledge of Zero Trust Architecture (ZTA) principles and their implications for SOC monitoring strategies, detection engineering, and incident response within a federal IT environment.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their application in supporting continuous monitoring and threat detection activities within federal civilian agency SOC environments.
  • Experience with deception technologies, including honeypots and deception platforms, and their application in enhancing SOC threat detection capabilities and supporting adversary attribution efforts.
  • Experience supporting or leading purple team exercises and collaborative red team/blue team activities to validate and improve detection and response capabilities against realistic adversary TTPs.
  • GIAC Certified Forensic Analyst (GCFA) or GIAC Network Forensic Analyst (GNFA) certification.
  • Experience supporting FedRAMP authorized cloud environments and familiarity with FedRAMP continuous monitoring requirements and their implications for SOC monitoring and incident response activities.
  • Familiarity with threat intelligence platforms (TIPs) such as MISP, ThreatConnect, or Anomali, and experience with structured threat intelligence formats including STIX/TAXII for consuming and sharing threat intelligence within a SOC environment.

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473
Find Koniag Government Services on Social Media
Recruiters
user avatar
About Us
Koniag Government Services (KGS) supports the values and traditions of our Native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services, and Operational Management to Federal Government Agencies. We apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and Native communities. Through our wholly-owned subsidiary companies, including SBA Certified 8(a) and HUBZone companies, we provide exceptional service to our Government clients with a committed focus on: Community Mission. Solution Oriented. Exceptional People.

Koniag Government Services Jobs


Job Category
IT - Security
Clearance Level
Public Trust