ASM Research

Sr SOC Analyst

ASM Research  •  San Antonio, TX (Onsite)  •  27 days ago
Expired

Job Description

The Senior Cyber Security Analyst functions as a Tier II SOC analyst responsible for leading advanced investigations, incident handling, and technical guidance within security operations for enterprise networks and mission‑critical systems. The role owns escalated alerts, correlates multi‑source telemetry, and directs containment and remediation for higher‑severity incidents while coordinating closely with infrastructure, application, and business teams.

This position also plays a key role in refining detection content and SOC playbooks, performing targeted threat hunting, and mentoring junior analysts to mature overall SOC capabilities. It aligns day‑to‑day operational decisions with organizational risk priorities and supports continuous improvement of security posture across the enterprise.

Key Responsibilities

  • Serve as an escalation point for Tier 1 analysts, validating their findings, directing deeper analysis, and determining appropriate containment and remediation actions for complex incidents.
  • Perform advanced correlation and analysis across SIEM events, EDR telemetry, network sensors, and identity logs to reconstruct attack chains and determine incident scope and impact.
  • Lead incident handling for significant cases by coordinating with infrastructure, application, and business stakeholders to contain threats, restore services, and limit business disruption.
  • Tune and develop SIEM and detection content, including correlation rules, analytic queries, and dashboards, to improve detection fidelity and align with frameworks such as MITRE ATT&CK.
  • Use threat intelligence and contextual data to enrich investigations, identify attacker objectives, and recommend durable control and process improvements.
  • Guide and mentor junior SOC analysts on investigation techniques, documentation standards, and communication practices, helping to mature SOC processes and capabilities.
  • Conduct or participate in targeted threat hunting activities to proactively identify hidden threats, misconfigurations, or monitoring gaps in the environment.
  • Collaborate with SOC leadership to contribute to post‑incident reviews and drive follow‑up actions that strengthen playbooks, tooling, and overall security posture.

Required Qualifications

  • High School Diploma or equivalent.
  • More than 1 year of experience in Cyber Security, SOC operations, or Incident Response, with a strong preference for 3–7 years in SOC or cyber defense roles with growing investigative leadership.
  • Demonstrated experience working with security monitoring tools or SIEM platforms to investigate and respond to security incidents.
  • Proven ability to lead incident analysis, direct Tier 1 analysts, and manage multiple concurrent incidents in a high‑pressure SOC environment.
  • Strong analytical and investigative mindset with the ability to reconstruct attack paths and distinguish true positives from noise.
  • Excellent written and verbal communication skills for documenting investigations, presenting findings, and coordinating with technical and non‑technical stakeholders.
  • U.S. citizenship, with the ability to satisfy client background investigation requirements in a federal IT environment.

Preferred Qualifications

  • Cybersecurity certifications such as CompTIA CySA+, CEH, SC‑200, or CISSP (or active progress toward one or more of these).
  • Prior supervisory, team lead, or shift lead experience in a Security Operations Center, incident response, or cyber defense environment, including experience coordinating and guiding the work of junior analysts.
  • Hands‑on experience with enterprise SIEM and EDR platforms such as Splunk, Microsoft Sentinel, IBM QRadar, and leading EDR tools, including creation and tuning of detection content.
  • Familiarity with MITRE ATT&CK, threat intelligence analysis, and modern adversary techniques, tactics, and procedures.
  • Post‑secondary education in Cybersecurity, Information Security, Computer Science, or a related technical discipline.
  • Experience contributing to post‑incident reviews and implementing corrective actions that improve SOC processes and controls.

Qualifications

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties", "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

About ASM Research

ASM Research, an Accenture Federal Services Company, is an information solutions integrator and a leading provider of innovative technology solutions and advanced analytical services for the Federal government. Headquartered in Fairfax, Virginia, ASM has over 30 years of experience providing application, software, system, network, database, and reporting solutions. Our extraordinary commitment and unique insight into clients’ information technology (IT), program management, security, healthcare / medical management, education and training management consistently produce extraordinary results.

We are always seeking quality individuals to join our team. We offer an employee-friendly work environment, outstanding benefits, and a level of stability rarely found in the government contracting world. We have ongoing needs for Web Applications Developers (ASP.Net), SharePoint Developers, Cyber Security Analysts, QA Analysts, Helpdesk Analysts and Oracle DBAs. You can see a full list of our current openings at http://asmr.com/Opportunities.aspx or send your resume to hr@asmr.com. You can also connect with our corporate recruiter, Chris Gibbons, http://www.linkedin.com/pub/chris-gibbons/0/635/213 or Erik Thompson, https://www.linkedin.com/in/erikthompsonitt.

Privacy Policy: https://www.asmr.com/privacy-policy/

Industry
IT & Software
Company Size
1,001-5,000 employees
Headquarters
Fairfax, Virginia
Year Founded
1978
Website
asmr.com