CBO - Tier 2 SOC Analyst
cFocus Software seeks a Tier 2 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 2+ years of SOC Analyst experience
- Strong knowledge of cybersecurity operations and incident response processes
- Experience with SIEM platforms, preferably Microsoft Sentinel
- Understanding of MITRE ATT&CK framework and threat actor tactics
- Experience analyzing logs from endpoints, networks, cloud, and identity systems
- Familiarity with Microsoft Defender tools (Endpoint, Identity) and cloud platforms (AWS)
- Experience with digital forensics and malware analysis
- Familiarity with SOAR tools and automation workflows
- Experience supporting federal or regulated environments (NIST, CUI, etc.)
- Ability to perform threat hunting and advanced correlation analysis
- Preferred certifications include but are not limited to
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable
- Perform advanced analysis and investigation of escalated security alerts and incidents
- Conduct root cause analysis (RCA) and determine scope and impact of incidents
- Support incident response activities including containment, eradication, and recovery
- Perform threat hunting across identity, endpoint, network, cloud, and application logs
- Correlate events across multiple data sources within SIEM (Microsoft Sentinel)
- Develop and tune detection rules, analytics, and use cases
- Maintain and improve SOC playbooks and incident response procedures
- Provide detailed documentation of investigations, findings, and remediation actions
- Support reporting requirements including contributions to monthly and quarterly reports
- Collaborate with Tier I and Tier III analysts, engineers, and stakeholders