Hybrid 2 Days Onsite/3 Days Remote in Washington, DC
Our client seeks a SOC Analyst to support continuous monitoring, detection, analysis, and response to cybersecurity events across hybrid cloud and on-premises environments. The analyst will triage security alerts, investigate incidents, and ensure timely escalation and resolution aligned to incident response procedures. The role operates within a modern enterprise leveraging Splunk, Microsoft Sentinel, Microsoft Defender, and related platforms across M365 G5, cloud services, and enterprise applications. The position supports a 24x7 SOC model and partners with infrastructure, cloud, and application teams.

Due to client requirements, applicants must be willing and able to work on a w2 basis. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.
Rate: $50.00 to $55.00/hr. w2

Responsibilities
- Monitor security events and alerts generated by SIEM, EDR/XDR, and other security platforms.
- Perform initial triage and analysis of alerts to determine severity, impact, and required response actions.
- Identify false positives versus legitimate threats using defined use cases and threat intelligence.
- Create, update, and manage incident tickets in systems such as Jira.
- Escalate confirmed or high-risk incidents to appropriate Tier 2/3 analysts or incident response teams.
- Support containment, eradication, and recovery efforts in coordination with cybersecurity teams.
- Utilize Splunk and Microsoft Sentinel for log analysis, correlation, and event investigation.
- Assist in tuning SIEM alerts and dashboards to improve detection capabilities and reduce noise.
- Contribute to log onboarding, data normalization, and use case development.
- Analyze alerts from EDR/XDR solutions such as Microsoft Defender.
- Monitor identity-related risks across platforms including Okta, Entra ID, and Privileged Identity Management.
- Investigate suspicious authentication patterns, privilege escalations, and anomalous behavior.
- Review and support findings from vulnerability management tools such as Rapid7 InsightVM and Veracode.
- Validate and correlate vulnerabilities with active threats or incidents and coordinate remediation tracking.
- Document incident details, investigation steps, and resolution actions per security policies.
- Maintain accurate reporting within ticketing and knowledge management systems such as Jira and Confluence.
- Contribute to incident reports, after-action reviews, and audit artifacts.

Experience Requirements
- Hands-on experience with security monitoring and alert triage.
- Experience with incident ticketing, tracking, and escalation processes.
- Proficiency with SIEM platforms such as Splunk and/or Microsoft Sentinel.
- Experience with EDR/XDR tools, including Microsoft Defender.
- Experience with security event documentation and reporting.
- Familiarity with enterprise IT environments spanning on-premises and cloud infrastructures.
- Preferred: Experience with Microsoft 365 G5, Okta, Entra ID, CyberArk, Rapid7 InsightVM, Device42, and Veracode.
- Preferred: Exposure to AWS, hybrid architectures, GRC tools such as Xacta, and enterprise platforms such as Appian or Oracle.
- Preferred: Experience working with formal incident response frameworks and playbooks.

Education Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or related field, or equivalent experience.
- Relevant certifications such as CompTIA Security+, GIAC (GSEC, GCIA, etc.), or Microsoft Security certifications.