Job Posting: SOC Analyst

Why This Role Exists

Our SOC monitors aerospace and defense systems for suspicious activity, triages alerts, and escalates incidents quickly. As a junior analyst, you will perform first-line detection and triage while learning structured analysis and documentation practices.

What You’ll Do

  • Monitor SIEM/EDR dashboards and ticket queues; validate alerts against known baselines and playbooks
  • Perform initial triage:
    • Gather context (host/user, process/network indicators)
    • Assess severity
    • Escalate per SOPs
  • Look up vulnerabilities, IOCs, and tactics using recognized sources; maintain thorough case notes
  • Use basic network analysis techniques to examine logs and PCAPs for anomalies under mentor guidance
  • Assist with detection tuning by documenting false positives and proposing simple rule refinements
  • Support credential hygiene efforts (ticketing, resets, simple checks) and document outcomes

Minimum Qualifications

  • Basic understanding of security fundamentals:
    • CIA triad
    • Least privilege
    • Common attack vectors
  • Comfort reviewing system and network logs
  • Ability to follow written procedures
  • Curiosity and rigor in:
    • Note-taking
    • Evidence collection
    • Escalation

Desired Qualifications

  • Exposure to a SIEM/EDR platform
  • Familiarity with simple query languages (e.g., KQL, SPL)
  • Awareness of industry models and frameworks used in defensive operations

NICE-Aligned KSAs (Junior Subset)

Work Role: Systems Security Analysis (IO-WRL-006)

Knowledge (K)

  • K0723 — Vulnerability data sources (e.g., NVD, vendor advisories) to support alert triage
  • K0924 — Network analysis tools and techniques (high-level familiarity for log/PCAP review)
  • K0756 — Security management principles and practices (policy, exceptions, approvals)
  • K0707 — Database systems and software (for querying and understanding event storage)
  • K0879 — Industry cybersecurity models and frameworks (to organize findings consistently)
  • K1222 — System availability requirements (impact awareness during incidents)

Skills (S)

  • S0484 — Develop and support user credential management workflows (junior support tasks, not design)
  • S0600 — Collect relevant data from multiple sources (alerts, logs, asset databases)
  • S0511 — Establish priorities (alert triage order and escalation)