Tier I Defensive Cyber Operations Watch Analyst

Cyber Security Analyst I, DCO Watch Analyst (Tier 1) 
North Charleston, SC 
Secret Clearance required to start, with ability to obtain TS/SCI  
 
As a Tier I Defensive Cyber Operations (DCO) Watch Analyst, you will be responsible for monitoring and triaging security events within a Cybersecurity Service Provider (CSSP) environment. You will identify and validate suspicious events, escalate incidents as needed, and support basic incident response activities. This role ensures compliance with reporting requirements and operates under close supervision. 
Position Requirements and Duties

• Monitor network and host-based systems for suspicious activity using provided tools and SOPs  
• Validate security events and escalate potential incidents to Tier 2 analysts per CJCSM 6510.01B guidelines 
• Enter incident data into designated reporting systems with accuracy and timeliness 
• Assist in managing incident response campaigns by documenting and tracking basic incident details under supervision 
• Provide 24/7 support for incident response during assigned shifts, including non-core hours as needed 
• Participate in training to develop familiarity with CSSP tools and processes 
• Support basic log correlation tasks using tools like Splunk, Elastic, and Sentinel 
• Assist in program reviews and product evaluations as directed 
• Operations are conducted 24/7/365 across three regional operation centers (ROC) 
• Each ROC works four ten-hour shifts (Sunday-Wednesday or Wednesday-Saturday) 
• Shift placement is at the discretion of assigned managers 
• Overtime may be required to support incident response actions (Surge) 
• Up to 10% travel may be required, including international travel 

Minimum Qualifications

• Bachelor’s degree in relevant technical discipline or 3+ years of experience working in a CSSP, SOC, or similar environment 
• Must be a U.S. Citizen 

 
Desired Qualifications  

• Demonstrated experience conducting in-depth log correlation and analysis for complex security incidents across multiple data sources (e.g., EDR, IDS/IPS, DNS, & operating system logging solutions) 
• Advanced proficiency in writing complex search queries in SIEM platforms (e.g., Splunk, Elastic, Sentinel) to identify anomalous or malicious activity 
• Experience building advanced scripts (e.g., in Python, PowerShell, Bash, etc) to automate detection and analysis tasks 
• Experience integrating and operationalizing threat intelligence feeds to create new detection mechanisms or enrich existing data 
• Demonstrated passion for cybersecurity and continuous learning through active participation in Capture the Flag (CTF) events, (e.g., TryHackMe, Hack The Box, etc) 
• Completion of practical, hands-on cybersecurity training courses or certifications (e.g., Security Blue Team BTL1/BTL2, AntiSyphon training courses, OffSec OSCP) 

Required Certifications 

• Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements