KeenLogic is seeking to hire a Senior SOC Analyst & Incident Responder to join our team at the Drug Enforcement Administration. All the duties listed support one or more of the following cybersecurity- related functions; information security, SPAA, incident response, cyber security, insider threat, computer forensics, vulnerability assessment and management, network data capture, intrusion detection, log management, auditing, security incident and event management (SIEM), and penetration testing.
This is a full-time position offering Fortune 500-level health/dental/vision, PTO, 401k, and Life Insurance. This onsite role, with a daily schedule from 7 AM to 3 PM, based in Merrifield, VA.
Position Summary
The Senior SOC Analyst is a key member of the 24/7/365 Security Operations Center, which serves as the escalation point for advanced investigations, incident response, and proactive threat hunting. This role conducts higher-level analysis than other analysts on the team. A senior SOC analyst performs deep forensic investigations, correlates multi-source threat intelligence information, and guides containment and remediation strategies. The Senior SOC Analyst identifies and mitigates advanced threats across enterprise IT endpoints, cloud environments, and OT systems. They leverage frameworks like the MITRE ATT&CK framework and others to detect, disrupt, and prevent malicious activity from occurring in the enterprise environment.
They work closely with the SOC manager and leads. They mentor junior staff, assist to refine SOC processes, and ensures the organization maintains a strong cybersecurity posture. They collaborate with engineers, threat intelligence and forensics teams to enhance detection capabilities, improve incident response readiness, and deliver actionable security insights to leadership.Required Qualifications
- Active Secret or Top Secret clearance
- Master’s degree and 8 years or Bachelor's degree and 11 years
- Documented work experience performing any combination of Information System Security, Security Assessment & Authorization, Cybersecurity, Computer Forensics, or Insider Threat
- One of the following required:
- CBROPS
- CFR
- CompTIA: CySA+, Security + CE, CASP+CE
- FITSP-O
- SANS: GCFA, GCIA, GDSA, GICSP
- CCNA-Security, CCNP Security
- CISSP (or associate), CCSP
- CISA
- SSCP
- CND
- Lead advanced incident detection, investigation, and analysis efforts.
- Correlate SIEM, EDR, IDS/IPS, and firewall data to identify and analyze potential incidents.
- Perform deep-dive investigations to determine root cause, scope, and impact of incidents.
- Apply MITRE ATT&CK and other frameworks for adversary TTP identification.
- Conduct kill-chain and supply chain analysis to understand and counter threats.
- Coordinate and direct complex incident response activities.
- Guide preparation, identification, containment, eradication, and recovery actions in collaboration with SOC, forensics, and engineering teams.
- Serve as the primary escalation point for high-impact or advanced incidents.
- Ensure incident handling aligns with established guidelines, response plans, and playbooks.
- Conduct proactive threat hunting to identify emerging risks.
- Analyze telemetry, logs, and behavioral patterns for indicators of compromise or attack.
- Hunt for advanced persistent threats and undiscovered vulnerabilities.
- Use advanced queries in SOC cybersecurity tools to detect anomalous or suspicious activity.
- Work with forensic teams to ensure proper forensic collection, preservation, and analysis of digital evidence.
- Coordinate with forensics teams to ensure chain-of-custody and evidence integrity.
- Extract and analyze relevant artifacts to support investigations and post-incident reviews.
- Document and communicate forensic findings to stakeholders.
- Develop and enhance SOC processes, playbooks, and detection capabilities.
- Refine detection rules, alert thresholds, and automation workflows in SIEM/SOAR platforms and other cybersecurity tools.
- Create SOPs, knowledge base articles, and training materials for SOC staff.
- Recommend and guide implementation of new detection and analysis tools.
- Perform threat intelligence collection, analysis, and dissemination.
- Gather threat data from internal, classified, and open-source intelligence feeds.
- Analyze and contextualize intelligence to produce actionable recommendations.
- Share relevant threat information with SOC, leadership, and partner teams.
- Mentor and train SOC analysts to improve investigative capabilities and analytical thought process.
- Provide real-time guidance during active incidents.
- Conduct regular training sessions, tabletop exercises, and red/blue team drills.
- Validate analyst findings and provide feedback to designed to provoke thought, improve accuracy, and investigative thoroughness.
- Collaborate with stakeholders to strengthen overall cybersecurity posture.
- Work with engineering, IT, and cloud teams to address identified vulnerabilities.
- Participate in tool evaluations, recommending solutions that enhance SOC capabilities and identify capability overlap.
- Support internal coordination with DEA sections, divisions, and external entities.
- Maintain documentation and reporting for SOC operations.
- Record investigative steps, evidence, and incident timelines in case management systems.
- Generate incident reports, trend analyses, and post-mortem summaries.
- Provide executive-level briefings on security events and SOC performance.
Top Skills
What We Do
Today’s government agencies must continually evolve to keep pace with the dynamic and rapidly changing technology landscape. To ensure continual innovation and improvement, these agencies must be able to anticipate all future needs while embracing technological advancements.
At KeenLogic, we create value through differentiation, innovation, and technology to drive high-quality enterprise IT services such as help desk as a service — for government customers. We combine the latest states of “what is” with an unrealized yet needed version of “what could be.”
KeenLogic operates two distinct lines of business:
(1) Enterprise IT Services (Helpdesk/Service Desk)
(2) Network/Internet Services (Fixed-Wireless Microwave Broadband)
We have a 10-year track record of high-quality performance and service delivery and a reputation for taking exceptional care of our team.
The company is well funded and capitalized to support new project ramp-up and overhead costs, has a highly experienced executive and management team, and a board of directors with over 20 years of management and operations experience.
We aim to provide the highest standard of customer service to government agencies by leveraging a corporate foundation that is built on CMMI Level III business processes, leadership, and financial strength.
Key attributes:
• 10-year history of providing quality, customer-focused IT solutions
• Excellent past performance and track record
• 95% employee retention rate
• Small business agility with large business resources
• Secret facility clearance
• Well capitalized for project ramp-up
• KeenLogic is a reputed enterprise IT services and help desk solutions provider that answers today’s problems while anticipating the needs of tomorrow.
