Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
1-2 years of experience in a SOC, cybersecurity operations, or IT security role
Experience with SIEM platforms (e.g., Splunk), EDR tools, and log analysis
Understanding of networking, operating systems, cybersecurity fundamentals, and familiarity with incident response lifecycle and security monitoring processes
Requirements:
Perform continuous security monitoring of network, endpoint, and cloud environments in a 24/7/365 SOC; analyze and triage security alerts generated from SIEM, SOAR, EDR, and other security tools
Identify potential security incidents including malware, phishing, unauthorized access, and anomalous behavior; execute initial incident response procedures and escalate incidents to Tier 2/3 analysts as required
Monitor and analyze security logs, events, and alerts for suspicious activity; support threat detection and response activities using threat intelligence and analytics; assist with vulnerability monitoring including tracking Known Exploited Vulnerabilities (KEVs) and vulnerability disclosures
Document all incidents, findings, and actions taken in ticketing systems (e.g., ServiceNow); participate in shift handoffs and maintain situational awareness; follow SOPs, playbooks, and incident response procedures; support compliance with federal cybersecurity requirements and policies
Job description
cFocus Software seeks a Tier 1 SOC Analyst to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
1–2 years of experience in a SOC, cybersecurity operations, or IT security role.
Experience with SIEM platforms (e.g., Splunk), EDR tools, and log analysis.
Understanding of networking, operating systems, and cybersecurity fundamentals.
Familiarity with incident response lifecycle and security monitoring processes.
Duties:
Perform continuous security monitoring of network, endpoint, and cloud environments in a 24/7/365 SOC.
Analyze and triage security alerts generated from SIEM, SOAR, EDR, and other security tools.
Identify potential security incidents including malware, phishing, unauthorized access, and anomalous behavior.
Execute initial incident response procedures and escalate incidents to Tier 2/3 analysts as required.
Monitor and analyze security logs, events, and alerts for suspicious activity.
Support threat detection and response activities using threat intelligence and analytics.
Assist with vulnerability monitoring, including tracking Known Exploited Vulnerabilities (KEVs) and vulnerability disclosures.
Document all incidents, findings, and actions taken in ticketing systems (e.g., ServiceNow).
Support log aggregation, correlation, and analysis activities.
Assist with dark web monitoring and indicator tracking as directed.
Participate in shift handoffs and maintain situational awareness across SOC operations.
Follow established SOPs, playbooks, and incident response procedures.
Support compliance with federal cybersecurity requirements and policies.
