KeenLogic
Senior SOC Analyst and Incident Responder
KeenLogic is seeking to hire a Senior SOC Analyst & Incident Responder to join our team at the Drug Enforcement Administration. The role supports a wide range of cybersecurity functions, including information security, SPAA, incident response, cyber security, insider threat, computer forensics, vulnerability management, network data capture, intrusion detection, log management, auditing, SIEM, and penetration testing.
This is a full-time onsite position offering Fortune 500-level benefits: health/dental/vision, PTO, 401(k), and Life Insurance. The daily schedule is 7 AM – 3 PM and is based in Merrifield, VA.
Position Summary
The Senior SOC Analyst is a key member of the 24/7/365 Security Operations Center and serves as the escalation point for advanced investigations, incident response, and proactive threat hunting. The analyst conducts higher-level analysis than other team members, performs deep forensic investigations, correlates multi-source threat intelligence, and guides containment and remediation strategies. The analyst identifies and mitigates advanced threats across enterprise IT endpoints, cloud environments, and OT systems while leveraging frameworks such as MITRE ATT&CK.
The analyst mentors junior staff, refines SOC processes, and collaborates with engineers, threat intelligence, and forensics teams to enhance detection capabilities, improve incident response readiness, and deliver actionable insights to leadership.
Required Qualifications
Active Secret or Top Secret clearance
Master’s degree with 8 years of relevant experience or Bachelor’s degree with 11 years of relevant experience
Documented experience performing Information System Security, Security Assessment & Authorization, Cybersecurity, Computer Forensics, Insider Threat activities
Certifications: CBROPS, CFR, CompTIA CySA+, Security+ CE, CASP+ CE, FITSP‑O, SANS (GCFA, GCIA, GDSA, GICSP), CCNA‑Security, CCNP Security, CISSP (or associate), CCSP, CISA, SSCP, CND
Duties and Responsibilities
Lead advanced incident detection, investigation, and analysis efforts
Correlate SIEM, EDR, IDS/IPS, and firewall data to identify and analyze potential incidents
Perform deep‑dive investigations to determine root cause, scope, and impact
Apply MITRE ATT&CK and other frameworks for adversary TTP identification
Conduct kill‑chain and supply‑chain analysis to understand and counter threats
Coordinate and direct complex incident response activities
Guide preparation, containment, eradication, and recovery actions in collaboration with SOC, forensics, and engineering teams
Serve as the primary escalation point for high‑impact or advanced incidents
Ensure incident handling aligns with established guidelines, response plans, and playbooks
Conduct proactive threat hunting to identify emerging risks
Analyze telemetry, logs, and behavioral patterns for indicators of compromise or attack
Hunt for advanced persistent threats and undiscovered vulnerabilities
Use advanced queries in SOC tools to detect anomalous or suspicious activity
Work with forensic teams to ensure proper evidence collection, preservation, and analysis
Coordinate chain‑of‑custody and evidence integrity procedures
Extract and analyze artifacts to support investigations and post‑incident reviews
Document and communicate findings to stakeholders
Develop and enhance SOC processes, playbooks, and detection capabilities
Refine detection rules, alert thresholds, and automation workflows in SIEM/SOAR and other tools
Create SOPs, knowledge base articles, and training materials for SOC staff
Recommend and guide implementation of new detection and analysis tools
Perform threat intelligence collection, analysis, and dissemination
Gather threat data from internal, classified, and open‑source feeds
Analyze and contextualize intelligence to produce actionable recommendations
Share relevant threat information with SOC, leadership, and partner teams
Mentor and train SOC analysts to improve investigative capabilities
Provide real‑time guidance during active incidents
Conduct regular training sessions, tabletop exercises, and red/blue team drills
Validate analyst findings and provide feedback to improve accuracy and thoroughness
Collaborate with stakeholders to strengthen overall cybersecurity posture
Work with engineering, IT, and cloud teams to address identified vulnerabilities
Participate in tool evaluations and recommend solutions that enhance SOC capabilities
Support internal coordination with DEA sections, divisions, and external entities
Maintain documentation and reporting for SOC operations
Record investigative steps, evidence, and incident timelines in case‑management systems
Generate incident reports, trend analyses, and post‑mortem summaries
Provide executive‑level briefings on security events and SOC performance