DCO Watch Analyst Tier II

Cyber Security Analyst I, DCO Watch Analyst Tier II 
North Charleston, SC 
Secret Required to Start, TS SCI Required 
The Tier 2 Defensive Cyber Operations (DCO) Watch Analyst is an intermediate role responsible for analyzing and responding to security incidents within a Cybersecurity Service Provider (CSSP) environment. You will  investigate validated events, coordinates with stakeholders, and performs detailed analysis to mitigate incidents. 
Position Requirements and Duties  

• Analyze and respond to validated security incidents, determining severity and impact per CJCSM 6510.01B 
• Support incident response campaigns by organizing response efforts, tracking progress, and ensuring proper documentation 
• Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting 
• Perform network and host-based digital forensics on Windows and other operating systems as needed 
• Conduct log correlation analysis using Splunk and supplemental tools to identify patterns in network and system activity 
• Compile and maintain internal SOP documentation, ensuring compliance with CJCSM 6510.01B and other directives 
• Provide 24/7 support for incident response during assigned shifts, including non-core hours 
• Support IDS/IPS signature development and implementation under guidance 
• Overtime may be required to support incident response actions (Surge) 
• Operations are conducted 24/7/365 across three regional operation centers (ROC) 
• Each ROC works four ten-hour shifts (Sunday-Wednesday or Wednesday-Saturday) 
• Shift placement is at the discretion of assigned managers 
• Up to 10% travel may be required, may be international 
• Must maintain a US passport 

Minimum Qualifications 

• Bachelor’s Degree in relevant discipline and 2 years of experience or at least 5 years of experience working in a CSSP, SOC, or similar environment 
• Must be a U.S. Citizen  

Desired Qualifications

• Experience with Log Aggregation Tools (e.g., Splunk, Elastic, Sentinel)  
• Experience with IDS/IPS, host-based, and operating system logging solutions 
• Experience with digital forensics on Windows and/or Linux operating systems 
• Demonstrated experience performing threat hunts, and/or incident response 
• Familiarity with CJCSM 6510.01B  
• Logical thinking and analytical ability  
• Strong verbal and written communication skills 

Required Certifications 

• Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements