SOC Analyst - Tier 1

OCTO SOC Analyst - Tier 1 (756630)

Rate: $30.00/hour on W2

Work Status: US Citizen, H1B, GC or Authorized to work - Sponsorship not available DHS

Work Arrangement: Onsite

Worksite Address: Washington, DC

Duration: 02/11/2025 to 09/30/2025

Submittals due: 02/03/2025

Interviews: In Person

Background check: Extensive criminal history background check will be required. We cannot submit candidates with recent histories (go back seven years) of extensive driving, drug, robbery or any other illegal activity. Any criminal activity on the background check will eliminate the candidate from consideration. If selected, please make certain that you inform all candidates that they will have to complete this criminal background check prior to starting. NATIONAL background checks are required; Federal background checks are NOT compliant under this contract. A national background check is a national criminal background check that pulls criminal records from State and County Courts in almost every US State.

Job Description:

Short Description:

The CItyWide Information Security Team at OCTO is looking for 2 Tier 1 SOC Analysts to work onsite at 200 I ST, SE 4 days a week with 1 day of telework.

Complete Description:

The Office of the Chief Technology Officer (OCTO) is the central technology organization of the District of Columbia Government. It sets the standard for a number of information technology functions including the security policies and procedures for the District's IT footprint. The Citywide Information Security serves as the lead in this endeavor.

The Citywide information security team is looking for 2 Tier 1 Security Analysts. Each role is responsible for monitoring The Security Operations Center by responding to alerts, notification, communications and providing incident response activities such as tracking the incident, communication with stakeholders, remediation and recovery actions and reporting pertaining to security incidents. The analysts follow standard operating procedures for detecting, classifying, and reporting incidents under the supervision of Tier 2 and Tier 3 staff.

Roles and Responsibilities

• Perform real-time monitoring of internal and information technology security equipment and systems to determine operational status and performance making use of various Security Incident and Event Management (SIEM) tools, SOAR platforms and other related security management/console applications, such as network traffic and data analytics.
• Analyze both raw and processed security alert and event data to identify potential security incidents, threats, mitigations, and vulnerabilities.
• Support follow-on actions, such as coordinating with other organization teams to facilitate remediation of the alert/event/incident, and close out the investigation.
• Perform initial alert/event/incident triage used for investigation.
• Initiate incident notification, case tracking/management, recovery actions, and report status updates.
• Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
• Coordinate process and procedure actions with geographically separated team members.
  
  
  

Detailed Tasks: Incident Response

• Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
• Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
• Coordinate and provide technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Assist in real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  
  
  

Desired Background

• Bachelors’ degree in either: Computer Science, Engineering, Information Technology, Cyber Security, or equivalent experience in Cyber/IT roles (SOC experience preferred, but not required)
• preferred Cyber Security Certifications such as CompTIA Security
• Excellent written and oral communication skills.
• Self-motivated and able to work in an independent manner.
  
  
  

Compliance

• Understand, enforce, and adhere to the company policies and procedures.
• Have read and understand the Information Security Policy and supporting procedures and do not hinder in any way the proper execution of procedures defined within.
• Understand and abide by our non-disclosure and confidentiality agreements.
  
  
  

Contract Job Description

Responsibilities:

• Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
• Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
• Develops, leads, and executes information security incident response plans.
• Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
• May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.
  
  
  

Minimum Education/Certification Requirements:

BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience