CBO - Tier 3 SOC Analyst
cFocus Software seeks a Tier 3 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of SOC Analyst experience
- Expert knowledge of incident response, threat hunting, and detection engineering
- Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools
- Strong understanding of MITRE ATT&CK framework and adversary tactics
- Experience with digital forensics and malware analysis techniques
- Ability to analyze logs across identity, endpoint, network, and cloud environments
- Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools
- Experience with KQL (Kusto Query Language) and advanced correlation analysis
- Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
- Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks)
- Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075)
- Experience leading incident response engagements and reporting to leadership
- Preferred certifications include but are not limited to
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable
- Lead investigation and response for complex and high-severity security incidents
- Perform advanced threat hunting using Microsoft Sentinel and Defender platforms
- Conduct digital forensics, malware analysis, and root cause analysis (RCA)
- Develop, tune, and optimize detection rules, analytics, and correlation logic
- Map detections and activities to MITRE ATT&CK framework
- Oversee incident lifecycle management (detection through containment, eradication, and recovery)
- Support and improve SOC playbooks, automation workflows, and response procedures
- Provide mentorship and guidance to Tier I and Tier II analysts
- Identify security control gaps and recommend remediation strategies
- Support red team, purple team, and adversary emulation exercises
- Contribute to incident reports, quarterly threat reviews, and executive briefings