Security Operations Analyst 3 (Senior)

Aci Solutions
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

Microsoft Windows
Azure
Computer Security
Information Systems
Powershell
Security Information and Event Management
Syslog
Computer Networking Systems
Firewalls (Computer Science)
Cybercrime

Job description

The Security Operations Analyst 3 performs senior-level security analysis for the NIGC with minimal supervision. This individual maintains continuous threat awareness, analyzes logs and reports from the agency security tool set, drives a disciplined daily analysis routine, and contributes directly to detection tuning, incident response, and security metrics reporting.

  • Perform all security analysis activities in accordance with established standards.

  • Maintain threat awareness and monitor NIGC information systems for exploits and suspicious activity, and analyze aggregated logs and reports from security tools.

  • Develop a daily security analysis and reporting checklist and execute the activities it defines.

  • Evaluate the effectiveness of security analysis activities against best practices and recommend improvements.

  • Adhere to continuous monitoring practices to evaluate the effectiveness of implemented controls and execute proactive threat hunting that protects the confidentiality, integrity, and availability of NIGC information systems.

  • Develop detection and response configuration policies that increase automation and alerting.

  • Develop incident handling procedures and execute incident response activities in accordance with the NIGC incident response plan.

  • Validate that sufficient and relevant information is captured and retained from security tools to support security awareness and incident investigations.

  • Collect security operations performance and NIGC security posture management metrics, and prepare threat reports that inform risk management decisions.

Requirements

  • Minimum of six continuous years performing in a senior security operations analyst or incident response role. Demonstrated hands-on experience is mandatory and may not be substituted.

  • Working proficiency with SIEM analysis, Syslog and log management, EDR and NDR telemetry, threat hunting, and incident response within Microsoft 365 and Azure environments, supported by familiarity with Cisco networking and firewalls and PowerShell.

  • Relevant industry certifications are preferred where practicable, such as Microsoft SC-200, GIAC GCIA IH, CompTIA CySA+, or Security+. Relevant certifications may be substituted for a formal college degree; hands-on experience may not be substituted.

Benefits & conditions

  • Place of performance: primarily onsite at NIGC Headquarters, 550 12th Street SW, Washington, DC 20024. Limited remote work may be authorized at the discretion of the Federal Task Manager.

  • Schedule: Monday through Friday, 8:00 AM to 5:00 PM, excluding Federal holidays.

  • Successfully complete applicable background investigations and obtain and maintain a Public Trust clearance.

  • Execute a Non-Disclosure Agreement, comply with all NIGC policies, and acknowledge and sign the NIGC Rules of Behavior.

  • Obtain a Government-issued PIV Card and use only Government-furnished equipment to access the NIGC environment.
