Description

  • Develop, implement, and refine SOC processes, procedures, and response playbooks to improve detection, response, and mitigation capabilities in both on-prem and cloud environments.
  • Identify and recommend enhancements to SOC tools, workflows, and automation for increased efficiency, with a focus on AWS-native security services.
  • Establish and maintain strong relationships with internal and external stakeholders to ensure SOC alignment with business and security priorities.
  • Monitor, analyze, and respond to security events from AWS security services such as AWS Security Hub, GuardDuty, AWS Config, CloudTrail, and IAM Access Analyzer.
  • Investigate and remediate security incidents in AWS, leveraging AWS-native security controls, forensic capabilities, and automation.
  • Prepare and distribute emerging threat intelligence reports, providing actionable insights to agency stakeholders, with a focus on cloud-based threats.
  • Support compliance efforts by ensuring SOC activities align with AWS security frameworks, such as AWS Well-Architected Framework and regulatory standards (e.g., NIST, CIS, FedRAMP).
  • Participate in security awareness initiatives by providing insights on cloud-specific security threats and best practices.
  • Perform continuous monitoring of security solutions to detect, analyze, and respond to potential threats and vulnerabilities.
  • Proactively collect, correlate, and analyze security data to detect unauthorized access attempts or suspicious activities.
  • Evaluate and assess security events based on exploit and vulnerability intelligence, determining severity and appropriate response actions.
  • Investigate security incidents by conducting forensic analysis, gathering relevant documentation, and escalating as necessary.
  • Monitor, triage, and analyze alerts from security platforms (e.g., SIEM, AWS Security Hub, Microsoft Defender for Endpoint, Trend Micro Vision One).
  • Collaborate with internal teams to implement and refine security controls to meet evolving security requirements.
  • Conduct self-assessments of security controls to evaluate their effectiveness and identify areas for improvement.

Education and Experience

Minimum qualifications: Bachelor's degree in Computer Science or a related field with two to five years of experience in information security administration, or the equivalent combination of skills, experience, and certifications.

  • Proficient understanding of security principles, risk assessment policies and standards, information security best practices, products and technologies, defense strategies, and network technologies.
  • Demonstrated solid analytical, critical thinking, and organizational skills.
  • Knowledge of the National Institute of Standards and Technology (NIST) security controls family and guidance to include NIST SP800-53.
  • Experience with various operating systems with a focus on Microsoft Windows and Linux/Unix.
  • Effective skills with time management, prioritization, and attention to detail.
  • Possess a high level of integrity and ethics.
  • Proficient use of the Microsoft Office suite.

Education

Bachelor's degree