Springfield, VA

Tier 1 SOC Analyst

Job Description:

XOR Security is currently seeking a talented Tier 1 Cyber Defense Analyst to support an Intelligence Community Customer in Springfield VA. The Cyber Security Operations Cell (CSOC) support includes analysis, investigation, reporting and remediation of cyber incidents, incident escalation to CSOC/Focused Operations, planning and development of cyber countermeasures, initiation of incident notification procedures, and collaboration with external IC and DoD Cyber units as well as reporting Cyber Defense status to the CSOC, Customer leadership, and external IC and DoD Cyber units. 

To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communication skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables.

Job Duties:

  • Conduct Incident handling and direct agency incident response to cyber incidents
  • Recommend appropriate mitigation activities to minimize downtime, mission impact and restore service
  • Conduct intelligence fusion analysis by collecting cyber intelligence reports and culling information to provide actionable cyber intelligence required to defend the IT Infrastructure, data, and services
  • Conduct forensic analysis in coordination with the CSOC/Focused Operations team
  • Conduct reverse malware engineering in coordination with the CSOC/Focused Operations team
  • Correlate and analyze precursors to incidents and provide recommendations to mitigate related vulnerabilities and activity [Attack Sensing and Warning (ASW)]
  • Perform emerging threat analysis
  • Collect and analyze threat indicators from various sources along with updating and managing the current threat indicator database
  • Provide cyber incident reports as required to CSOC leadership and other designated customer organizations and leadership
  • Submit incident tickets to other Government agencies for additional research and analysis as required
  • Review, analyze, and disseminate advisories and orders received from other Government agencies as required

Skills and Qualifications:

Required Qualifications:

  • One to Three (1-3) years of experience in network defense environments
  • Position requires a current Computer Network Defense Incident Responder (CND-IR) certification with the appropriate computing environment certification(s) for the tools and devices they support IAW DoD 8570.01-M
  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (Attribution, Targeting) and Malware Analysis
  • Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent
  • Strong proficiency in report writing; a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
  • Ability to work greater than 40 hours per week as needed (occasional night and weekend work required)
  • Ability to work on-call for escalated cyber security incidents
  • Experience with deployment and documentation of enterprise project management and change management processes
  • Ability to identify solutions to potential network issues/embrace network simplification and strengthened security
  • Ability to conduct event triage and analysis and incident investigation

Desired Qualifications:

  • Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
  • Understanding of command line scripting and implementation (e.g., Python, Powershell)
  • Ability to write new content/searches/scripts (e.g., Splunk dashboards, Splunk ES alerts, SNORT signatures, Python scripts, Powershell scripts)
  • Experience with tools such as Active Directory, Cisco IOS, MS Server, ESA, WSA, Stealthwatch, AMP, Splunk, Splunk ES, SNORT, Yara, IronPort, and Firepower
  • Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
  • Ability to perform NetFlow / packet capture (PCAP) analysis
  • Experience with cyber threat hunting
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement:

Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET WITH SCI CLEARANCE REQUIRED.