Defensive Cyber Operations Watch Analyst Tier II
Job description
As a Tier 2 Defensive Cyber Operations (DCO) Watch Analyst you will be responsible for analyzing and responding to security incidents within a Cybersecurity Service Provider (CSSP) environment. In addition to investigating validated events and mitigating incidents, you will help improve the quality of Tier 1 analysis by mentoring junior analysts. You will also assist the watch officer as needed, work on projects to enhance CSSP capabilities, and perform independent problem-solving while adhering to CJCSM 6510.01B reporting standards.
- Analyze and respond to validated security incidents, determining severity and impact per CJCSM 6510.01B
- Support incident response campaigns by organizing response efforts, tracking progress, and ensuring proper documentation
- Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting
- Perform network and host-based digital forensics on Windows and other operating systems as needed
- Conduct log correlation analysis using Splunk and supplemental tools to identify patterns in network and system activity
- Compile and maintain internal SOP documentation, ensuring compliance with CJCSM 6510.01B and other directives
- Provide 24/7 support for incident response during assigned shifts, including non-core hours
- Support IDS/IPS signature development and implementation under guidance
- Overtime may be required to support incident response actions (Surge)
- Operations are conducted 24/7/365 across three regional operation centers (ROC)
- Each ROC works four ten-hour shifts (Sunday-Wednesday or Wednesday-Saturday)
- Shift placement is at the discretion of assigned managers
- Up to 10% travel may be required, may include international travel
- Must maintain a current US Passport
Requirements
- Secret Clearance required to start, with ability to obtain TS/SCI
- Bachelor's Degree in a relevant discipline, or at least 5 years of experience working in a CSSP, SOC, or similar environment
- At least 1 year experience conducting in-depth analysis or incident response with any of the following tools: Splunk, Elastic, Corelight, Palo Alto Panorama, Windows Azure/Defender, AWS, Crowdstrike, Volatility, or SIFT Workstation
- At least 1 year of experience authoring technical documentation for security incidents, such as creating detailed investigation timelines, documenting indicators of compromise (IOCs), or writing shift turnover reports for ongoing incidents
- Must be a U.S. Citizen
- Demonstrated experience conducting in-depth log correlation and analysis for complex security incidents across multiple data sources (e.g., EDR, IDS/IPS, DNS, and operating system logging solutions)
- Advanced proficiency in writing complex search queries in SIEM platforms (e.g., Splunk, Elastic, Sentinel) to identify anomalous or malicious activity
- Experience building advanced scripts (e.g., in Python, PowerShell, Bash, etc.) to automate detection and analysis tasks
- Experience integrating and operationalizing threat intelligence feeds to create new detection mechanisms or enrich existing data
- Previous experience informally mentoring junior analysts, creating training documentation, or leading small-group knowledge-sharing sessions
- Demonstrated passion for cybersecurity and continuous learning through active participation in Capture the Flag (CTF) events (e.g., TryHackMe, Hack The Box, etc.)
- Completion of practical, hands-on cybersecurity training courses or certifications (e.g., Security Blue Team BTL1/BTL2, AntiSyphon training courses, OffSec OSCP)
Required Certifications
- Must have DoD 8570 IAT Level II and CSSP IR compliant certifications
Benefits & conditions
- Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
- 401k Retirement Plan with Matching Contribution is immediately available and vested.
- Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
- Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
- Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.