Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline
3-5 years of experience supporting security operations, network security monitoring, or firewall administration
Experience with SIEM platforms and cybersecurity monitoring tools; familiarity with IDS/IPS systems, endpoint security solutions, and network security technologies
Understanding of federal cybersecurity frameworks such as NIST RMF and FISMA, and strong analytical, troubleshooting, and documentation skills
Requirements:
Monitor security tools and alerts (SIEM, IDS/IPS, endpoint protection) to detect and respond to potential security incidents and support Security Operations Center activities
Configure and manage firewall rules, perform rule reviews, and enforce least-privilege and default-deny network segmentation; support change-control processes
Analyze system and network logs to identify indicators of compromise; investigate alerts and document investigations and response activities; coordinate with cybersecurity teams to remediate vulnerabilities
Ensure logging configurations comply with federal guidance (e.g., OMB M-21-31, HHS/NIH standards) and assist with cybersecurity compliance and audit preparation
Job description
cFocus Software seeks a Security Operations / Firewall Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
Minimum 3–5 years of experience supporting security operations, network security monitoring, or firewall administration.
Experience with SIEM platforms and cybersecurity monitoring tools.
Familiarity with IDS/IPS systems, endpoint security solutions, and network security technologies.
Experience supporting firewall administration and rule management.
Understanding of federal cybersecurity frameworks such as NIST RMF and FISMA.
Strong analytical, troubleshooting, and documentation skills.
Duties:
Monitor cybersecurity tools and alerts to detect and respond to potential security incidents.
Support Security Operations Center (SOC) activities including threat monitoring and alert analysis.
Assist with firewall configuration, rule management, and network segmentation enforcement.
Analyze system and network logs to identify suspicious or unauthorized activities.
Coordinate with cybersecurity teams to respond to incidents and mitigate vulnerabilities.
Monitor SIEM platforms, IDS/IPS systems, endpoint protection tools, and other security monitoring systems.
Investigate security alerts and escalate incidents based on severity and impact.
Perform analysis of network traffic and endpoint telemetry to identify indicators of compromise.
Track and document incident investigations and response activities.
Provide operational monitoring support during high-volume security events or incidents.
Manage firewall rules to enforce least privilege and default-deny access policies.
Support configuration management and change control processes for firewall rule updates.
Conduct routine firewall rule reviews to identify obsolete or unnecessary access rules.
Validate firewall configurations and ensure compliance with HHS and NIH security standards.
Support network segmentation and security zone management to protect sensitive systems.
Validate and monitor logs generated by network and security devices.
Ensure logging configurations comply with federal cybersecurity guidance including OMB M-21-31.
Analyze log data to identify anomalies, policy violations, or indicators of malicious activity.
Assist with cybersecurity compliance activities and audit preparation.
Security Operations Center (SOC) Analyst Related jobs
