Level 2 Security Operations Center (SOC) Analyst

Job Summary:

A Level 2 Security Analyst is responsible for the refined security event assessment long-term analysis and deep dive investigation into potential incidents.


  • Monitoring level 1 analyst performance by investigating incoming events using SOC technical capabilities and tools
  • Ensuring level 1 event(s) are addressed in a timely manner
  • Approving and, if necessary, further investigating level 1-escalated events
  • Mentoring level 1 analysts to improve detection capability within the SOC
  • Gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network teams, as necessary
  • Serving as detection authority for initial incident declaration
  • Functioning as shift subject-matter experts (SMEs) on incident detection and analysis techniques
  • Conducting security research and intelligence gathering on emerging threats and exploits
  • Backing up level 1 analyst for any potential coverage gaps to ensure SOC continuity

Requirements: (Clearance/Citizenship)

  • Must be US Citizen and able to obtain position of Public Trust designation
  • CompTIA Security +, GIAC Security Essentials Certification, or GIAC Certified Incident Handler is required
  • GCIA, GCIH, CISSP or other related certifications are preferred
  • Demonstrated excellent written and oral communication skills
  • 2+ years’ experience using and supporting commercial vulnerability and compliance scanning products (e.g. Qualys, Rapid7, TripWire, Foundstone, nCircle, Nessus)
  • 4+ years of experience (minimum) and hands-on working knowledge with a variety of security technologies and processes including but not limited to Firewall (such as Check Point, Fortinet, Cisco ASA, Palo Alto, Juniper), VPN, SEIM, IDS/IPS (such as SourceFire, Client TippingPoint), HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention (such as Symantec, RSA, McAfee), content filtering technologies, application firewalls (such as F5, Imperva), vulnerability scanners, forensics software, and security incident response.
  • 3+ years technical operations providing vulnerability system/platform support
  • Analytical security certification or demonstrable equivalent experience required
  • 3+ years required of working in security operations center or incident response role (preferably with global scope) experience leading an incident team
  • 3+ years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
  • Working knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments.
  • Experience with configuration management, change control processes, problem determination, root cause analysis, risk assessment, & exception management.


  • Demonstrated behaviors:
    • Overcomes Barriers: Takes responsibility for addressing obstacles that hinder our people and our business
    • Delivers Results: Delivers positive results regardless of circumstances, utilizing the right mix of analysis, judgment, agility and urgency


  • Bachelor’s degree in a related field*

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree

Back To All Positions

COMSEC Support Lead

Joint Base Andrews, MARYLAND

Read More

Security Operations Center (SOC) Manager


Read More

Level 1 Security Operations Center (SOC) Analyst


Read More

Payroll Supervisor


Read More