Varite

Senior SOC Analyst

Varite, Arlington, Virginia, United States, 22201


Role: Senior SOC Analyst
Location: Arlington, VA (onsite)
Job Type: Full-Time

Core Responsibilities:

- Lead Tier 2/3 incident investigations across classified and unclassified networks.
- Use frameworks such as NIST SP 800-61, MITRE ATT&CK, and the DoD Cyber Kill Chain for structured incident response.
- Coordinate response with counterintelligence, compliance, and federal authorities as required.
- Manage and optimize the Rapid7 platform:
  - Rapid7 InsightIDR (XDR + SIEM) for real-time detection and analytics.
  - Rapid7 InsightConnect (SOAR) to automate IR playbooks.
  - Rapid7 Nexpose and InsightVM to identify, assess, and prioritize vulnerabilities across hybrid environments.
- Correlate vulnerabilities with threat data to prioritize remediation of exploitable risks.
- Build automation workflows for patching and remediation through Ansible and Puppet.
- Conduct proactive, continuous threat hunting against nation-state adversaries using Python scripts and SIEM queries (KQL, SPL, SQL-like languages).
- Develop advanced detection logic mapped to MITRE ATT&CK TTPs.
- Integrate threat intelligence feeds (STIX/TAXII, MISP, DoD threat Client sources) into SOC workflows.
- Python: write custom scripts for IOC enrichment, API integrations, and log analysis.
- Ansible: automate system hardening, patch management, and incident response workflows.
- Puppet: standardize secure baselines across Linux/Windows systems in both classified and commercial networks.
- Develop reusable automation playbooks integrated with Rapid7 SOAR.
- Secure workloads across AWS GovCloud, Azure Government, and Boeing's private cloud infrastructure.
- Monitor Kubernetes and containerized defense applications for runtime anomalies.
- Implement identity and security policy enforcement across multi-cloud and hybrid environments.
- Ensure compliance with CMMC, NIST SP 800-171, NIST SP 800-53, ITAR, and FedRAMP.
- Maintain audit-ready documentation for DoD and regulatory inspections.
- Support Boeing's supply chain cybersecurity programs, ensuring third-party compliance.

Required Skills & Experience:

- 10+ years in SOC operations, threat detection, and incident response.
- Hands-on experience with the Rapid7 ecosystem (InsightIDR, InsightConnect, Nexpose, InsightVM).
- Strong automation experience using Python, Ansible, and Puppet.
- Familiarity with PowerShell and Bash scripting for cross-platform automation.
- Deep knowledge of nation-state threat actors, APT techniques, and defensive cyber operations.
- Experience with SIEM, SOAR, IDS/IPS, EDR/XDR, firewalls, and vulnerability management.
- Strong communication skills and the ability to brief executives and federal stakeholders.

Education & Certifications:

- Bachelor's degree in Cybersecurity, Computer Science, or a related field.
- Certification required: InsightIDR Certified Specialist.