By Light Professional IT Services

Junior Cybersecurity Analyst

By Light Professional IT Services  •  United States (Remote)  •  4 days ago

Job Description

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

The Junior Cybersecurity Analyst supports 24x7 cybersecurity monitoring, incident detection, alert triage, ticket response, escalation management, and operational reporting activities within a Network Operations Center (NOC) and Cybersecurity Operations Center (CSOC) environment. The analyst assists in monitoring enterprise, cloud, and tactical network environments, identifying potential security events, responding to operational tickets, supporting incident response activities, and maintaining operational awareness across connected and disconnected operational environments.

This role supports continuous monitoring operations utilizing SIEM, IDS/IPS, EDR/XDR, vulnerability management, cloud security, Zero Trust access, and ticketing platforms while operating within established operational procedures, escalation workflows, SLA requirements, and security playbooks.

Responsibilities

  • Monitor security events, alerts, dashboards, and operational queues within SIEM, IDS/IPS, and cloud security platforms
  • Respond to operational tickets, incidents, and service requests within established SLA response timelines
  • Ensure ticket updates, escalations, documentation, and resolution activities comply with contractual SLA requirements
  • Perform initial triage and classification of cybersecurity and operational alerts
  • Escalate incidents in accordance with operational severity classifications and response procedures
  • Assist with incident investigation, event enrichment, and evidence collection activities
  • Support ticket management, workflow tracking, and operational documentation within JIRA or equivalent ITSM platforms
  • Monitor endpoint, network, cloud, and infrastructure telemetry for indicators of compromise or operational degradation
  • Support vulnerability management activities, including Nessus scan review and remediation tracking
  • Monitor and support security operations within AWS and Microsoft Azure cloud environments
  • Support Appgate Secure Access and Zero Trust access monitoring activities
  • Assist with Splunk dashboard monitoring, search analysis, correlation review, and alert validation
  • Support operational reporting, metrics collection, SLA tracking, and audit readiness activities
  • Maintain situational awareness across connected, degraded, and disconnected operational environments
  • Follow established cybersecurity procedures, change control processes, escalation paths, and operational playbooks
  • Participate in shift turnover briefings and operational status reporting
  • Support coordination activities between NOC, CSOC, engineering, cloud operations, and field support personnel
  • Maintain operational logs, incident records, and audit documentation

Work environment:

  • 24x7 operational monitoring environment
  • Shift-based operations, including nights, weekends, and holidays as required
  • SLA-driven operational support environment
  • Hybrid operational support across enterprise, cloud, and tactical/disconnected environments
  • Collaboration with engineering, cybersecurity, cloud operations, field operations, and customer stakeholders

Required Experience/Qualifications

  • Associate’s degree or Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
  • 0–3 years of cybersecurity, SOC, NOC, cloud operations, service desk, or IT operations experience
  • Basic understanding of:
    • cybersecurity principles
    • networking fundamentals
    • TCP/IP
    • operating systems
    • cloud security concepts
    • security monitoring operations
  • Familiarity with cybersecurity and monitoring tools such as:
    • Splunk
    • Security Onion
    • CrowdStrike
    • Nessus
    • ELK/Elasticsearch
    • Appgate
    • AWS CloudWatch
    • Microsoft Azure Monitor
    • similar technologies
  • Basic understanding of:
    • SIEM operations
    • incident response
    • log analysis
    • vulnerability management
    • cloud monitoring
    • ticket management
    • threat detection concepts
  • Familiarity with AWS and Microsoft Azure environments
  • Experience responding to tickets and working within SLA-driven operational environments preferred
  • Ability to follow operational procedures and escalation workflows
  • Strong analytical and problem-solving skills
  • Effective written and verbal communication skills
  • Ability to work rotating shifts in a 24x7 operational environment

Preferred Experience/Qualifications

  • Security+ certification (or ability to obtain within 6 months)
  • AWS Certified Cloud Practitioner (preferred)
  • Microsoft Azure Fundamentals (AZ-900) certification (preferred)
  • Familiarity with:
    • NIST frameworks
    • RMF
    • CMMC
    • Zero Trust architectures
    • DoD cybersecurity environments
  • Experience with:
    • Splunk SIEM
    • AWS security services
    • Azure security services
    • Appgate SDP
    • cloud-native monitoring platforms
  • Experience with ticketing systems such as JIRA or ServiceNow
  • Exposure to virtualization, endpoint security, or cloud-native security technologies
  • Active U.S. Government security clearance (preferred but not required)

Special Requirements/Security Clearance

  • Ability to obtain and maintain a U.S. Government security clearance, if required by contract.

About By Light Professional IT Services

By Light Professional IT Services LLC (By Light) provides a full range of hardware and software engineering services to defense, civilian, and commercial customers worldwide. Driven by a management team that leverages real-world expertise from the defense, intelligence, federal healthcare, and commercial sectors, we provide reliable, efficient, and cost-effective IT solutions.

Some of our successes include:

• Completion of 80+ Global Information Grid Bandwidth Expansion (GIG-BE) sites both CONUS & OCONUS. Provided Optical Network Engineering, Implementation, & Project Control Worldwide.

• Provided timely completion of ATM to IP Migration, Legacy Network Optimization, & VOIP Implementation of 47 CONUS Sites for the United States Special Operations Command (USSOCOM) SCAMPI Network.

• Supporting the AMC CIO/G6 in the Depot Modernization Program, implementing CONUS-wide 802.11/a/b/g/n wireless networks, Area Processing Center Migration, DISN Optimization, and a 40,000-user, enterprise-wide SharePoint Implementation.

• Completion of 2,000-plus Legacy Circuit Migrations to DISN Transport for DISN Transition Program.

• Delivered Communications Support & Staff Augmentation for Deployed DoD Forces under the Program Executive Office Enterprise Information Systems Technology Applications Office (PEO EIS TAO).

• Successful Implementation of Secure Intelligent Video Systems (IVS) for the Intelligence Community.

• Supporting major international carriers in the modernization and expansion of Data Center Facilities.

• Engineering new Turnkey “Cloud Services,” including Hosting, Managed Services, COOP, and Data Storage and Archival.

Industry: IT & Software
Company Size: 501-1,000 employees
Headquarters: McLean, Virginia
Year Founded: 2002