CBO - Tier 3 SOC Analyst Job at cFocus Software Incorporated, Washington DC

  • cFocus Software Incorporated
  • Washington DC

Job Description

cFocus Software seeks a Tier 3 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of SOC Analyst experience
  • Expert knowledge of incident response, threat hunting, and detection engineering
  • Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools
  • Strong understanding of MITRE ATT&CK framework and adversary tactics
  • Experience with digital forensics and malware analysis techniques
  • Ability to analyze logs across identity, endpoint, network, and cloud environments
  • Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools
  • Experience with KQL (Kusto Query Language) and advanced correlation analysis
  • Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
  • Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks)
  • Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075)
  • Experience leading incident response engagements and reporting to leadership
  • Preferred certifications include, but are not limited to:
    • GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
    • Microsoft Sentinel or Microsoft security platform certifications
    • Relevant cloud security certifications (e.g., AWS security)
    • Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties:
  • Lead investigation and response for complex and high-severity security incidents
  • Perform advanced threat hunting using Microsoft Sentinel and Defender platforms
  • Conduct digital forensics, malware analysis, and root cause analysis (RCA)
  • Develop, tune, and optimize detection rules, analytics, and correlation logic
  • Map detections and activities to MITRE ATT&CK framework
  • Oversee incident lifecycle management (detection through containment, eradication, and recovery)
  • Support and improve SOC playbooks, automation workflows, and response procedures
  • Provide mentorship and guidance to Tier I and Tier II analysts
  • Identify security control gaps and recommend remediation strategies
  • Support red team, purple team, and adversary emulation exercises
  • Contribute to incident reports, quarterly threat reviews, and executive briefings

Job Tags

Full time, Work at office
