Lead Cyber Security Operations Center (CSOC) Analyst - USDS

ing detection engineering efforts to mentoring analysts and influencing process improvements, this is where tactical excellence meets strategic impact.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Tasks and Responsibilities:

• As a Lead SOC Analyst, you'll play a critical role at the intersection of frontline detection, incident response, and strategic defense engineering. This isn't a passive monitoring role-you'll be empowered to lead investigations, shape detection logic, and elevate the SOC's analytical and operational rigor.
• Lead high-fidelity investigations from triage to root cause, coordinating incident response efforts across threat surfaces including endpoint, cloud, identity, and SaaS.
• Mentor and develop SOC analysts, raising the technical bar through case reviews, scenario-based training, and real-time guidance during critical events.

Qualifications

Minimum Qualifications

• 5+ years experience handling security-related incidents along with identifying and responding to advanced threats and threat actor TTPs
• Excellent communication skills, ability to influence without authority while demonstrating leadership and collaboration skills, in particular in leading or contributing to global and multi-functional analyst SOC teams.
• Demonstrated time management, problem-solving, effort prioritization and interpersonal skills as well as the ability to work well to solve problems and meet objectives
• Excellent knowledge of industry-standard frameworks (e.g., MITRE ATT&CK)
• Strong analytical/problem-solving skills and cross-functional expertise across multiple IT operational and security disciplines with the ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

Preferred Qualifications

• GCIA, GCIH, GREM or applicable experience in the Information Security field
• One or more programming/scripting languages (e.g., Perl, Java, Python, etc.) / SQL - Experience writing and executing SQL queries
• Experience in performing or overseeing static/dynamic malware analysis and performing digital forensics for incident response
• High level of SIEM search and use case development/ detection experience
• Strong Operating System Administration skills including conceptual knowledge of OS internals and experience with core service types along with strong experience in cloud hosted environments - including UNIX/Linux and Windows environments