NeoSystems LLC

Cybersecurity Operations Analyst I Job at NeoSystems LLC in Reston

NeoSystems LLC, Reston, VA, United States, 22090


The Cybersecurity Operations Analyst I (COA 1) is responsible for the initial triage and monitoring of security events, working exclusively in Microsoft 365 E5 environments, and helping to enforce CMMC 2.0 requirements. COA 1 will work alongside senior analysts and engineers to identify suspicious activity, validate alerts, and support incident response workflows.


Role and Responsibilities

  • Monitoring and triage: Monitor alerts and notifications from the Microsoft 365 Defender suite, perform initial triage of security alerts, determine false positives, and escalate true positives based on playbook criteria.
  • Monitor for alerts from other alerting sources (such as an external or outsourced Security Operations Center).
  • Review and classify incidents in Microsoft Sentinel or third-party SIEM tools according to severity and SLA guidelines.
  • Manage security operations tasks and assignments in the ticketing system.
  • Incident handling and response support: Assist senior analysts during active incidents by collecting logs, screenshots, and device/user activity history.
  • Document timelines, observations, and artifacts to support root cause analysis and reporting.
  • Conduct follow-up on low-risk alerts and phishing investigations (possibly with supervised guidance).
  • Customer interaction and ticket management: Document findings and updates in the SOC ticketing system with accuracy and clarity.
  • Respond to basic client inquiries related to user behavior, alert definitions, or mitigation steps under supervision.
  • Follow documented workflows to support CMMC 2.0 incident response requirements, including reporting timelines and evidence handling.
  • Platform maintenance and log health: Review and report on log ingestion health from Defender, Entra ID, and endpoint agents across customer tenants as required.
  • Assist in onboarding new clients to SOC monitoring tools and validating telemetry and log collection flows.
  • Identify noisy or misconfigured alert rules and report recommendations to senior analysts.
  • Assist in gathering and assembling audit evidence to support compliance assessments.
  • Vulnerability and patch management: Manage operating system and third-party software patching cycles for customer environments.
  • Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
  • Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Qualifications

  • 1–2 years of experience in IT support, help desk, cybersecurity, or SOC environment (or relevant degree with internship/entry-level experience).
  • Familiarity with Windows event logs, Microsoft 365 audit logs, and endpoint activity.
  • Basic understanding of cybersecurity concepts, attack vectors, and threat modeling.
  • Comfortable with Microsoft 365 environments and cloud-native tooling.
  • Strong written communication skills for documentation and customer updates.
  • Security+ or SC-900 certification.
  • Must be a U.S. citizen eligible for ITAR-compliant work.

Preferred Skills

  • Exposure to Microsoft Defender XDR
  • Microsoft SC-100 or SC-200 certification
  • Understanding of CMMC and NIST 800-171 requirements
  • Knowledge of the MITRE ATT&CK framework

Additional Notes

  • Ability to travel

EOE M/F/D/V
