CSOC Sr. Cyber Defense Analyst

Position Summary
We are seeking a skilled and motivated Cyber Defense Analyst to help government and commercial customers modernize and secure their operations. Our offerings include program and portfolio management, AI/automation, UX engineering, enterprise app development, data analytics, and telecom infrastructure. Proudly veteran-owned, our teams deliver robust cyber defense—threat detection, incident response, continuous monitoring alongside agile IT and data services. If you seek to grow in a collaborative, mission-centered culture, partnering with agencies like DoD, HHS, CMS, and CDC.



Job Summary
As a Sr. Cyber Defense Analyst supporting the Department of Veterans Affairs, you will serve as a critical leader in the design, development, and operationalization of advanced cybersecurity monitoring and detection capabilities. In this role, you’ll configure and tune a range of security monitoring tools—including Splunk, Microsoft Sentinel, Defender for Endpoint, and SOAR platforms—to identify and respond to sophisticated cyber threats in real time. Your responsibilities will include crafting custom detection logic and queries, mapping threat activity to the MITRE ATT&CK framework, and applying machine learning and pattern analysis to strengthen defenses. You’ll play a key role in onboarding new data sources, developing detection playbooks, and ensuring high-quality, actionable security analytics across VA’s cloud, SaaS, identity, and networking environments. You’ll collaborate with incident response, forensics, and threat intelligence teams, providing expert guidance and clear communication to both technical and non-technical stakeholders. By participating in cyber exercises and regularly assessing the efficacy of analytics and automation, you’ll help maintain a resilient and proactive security posture for the VA, making a direct impact on protecting veteran data and government systems.



Responsibilities

Configure monitoring tools to detect threat actor techniques and/or behavioral indicators

Craft custom search queries using Splunk (SPL), as well as Microsoft Defender for Endpoint and Microsoft Sentinel (KQL) – Must be certified!

Provide subject matter expertise to support security detections in one of the following areas:
- Cloud technologies
- SaaS
- Identity and access management
- Networking
- Splunk (Cert.Required)
- EDR

Map security detections to the MITRE ATT&CK Framework

Research and develop configuration recommendations to facilitate operationalization of new data sources for detection of adversarial activities

Use machine learning and pattern analysis to improve detection of specific types of threats

Collaborate effectively with cross-functional teams, including incident response, forensics, threat intelligence, IT, and network administrators

Clearly communicate technical information and detection-related updates to management and stakeholders

Develop and operationalize advanced security analytics to detect and respond to sophisticated cyber threats in near real-time

Develop and implement detection feedback processes – e.g., tuning false positives, decommissioning, etc.

Ensure completeness and consistency regarding data quality of detections

Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy

Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate detection and incident response, including enrichment, containment, and remediation actions

Support the operationalization of new security detections, including building reference documentation, investigation guidelines, and tuning considerations

Stay informed about the latest cybersecurity threats, trends, and best practices

Actively participate in cybersecurity exercises, drills, and simulations to improve incident response understanding



Requirements

Candidates must possess a professional-level certification in one of the following subject areas:-

Cloud (ex: GLCD, GCFR), and Splunk certification (required).

Detection engineering (ex: GCDA)

Incident Response/Forensics (ex: GCIH, GCFE, GNFA)– Must be certified!

IDAM (ex: Microsoft Identity and Access Administrator Associate)

SIEM (ex: Splunk Power User and must be certified

Bachelor’s degree in computer science, cybersecurity, information technology, or a related field (or equivalent work experience)

8+ years of experience supporting large-scale IT related projects

7+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)

A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure the SOC operates effectively in a high-pressure environment

Strong experience with security technologies including SIEM, IDS/IPS, EDR, and network monitoring tools

Experience with security focused cloud-native tooling such as Azure Sentinel and AWS GuardDuty

Experience with enterprise ticketing systems like ServiceNow

Excellent analytical and problem-solving skills

Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight

Ability to function in multiple capacities and learn quickly

Strong verbal and written communication skills



Certification
SANS certifications: GCFE, GCIH, and equivalent level are both required