Cybersecurity SOC Analyst; TS or TS/SCI

May 7, 2026
$60000 - $80000 / year

Job Description

Company: Hallie Morgan Technologies

Location: Washington, US

Position: Cybersecurity SOC Analyst (TS or TS/SCI required)

Hallie Morgan Technologies is a forward-thinking technology company delivering mission-focused cybersecurity and IT solutions to Federal clients. We specialize in protecting critical infrastructure and high-value systems, combining deep technical expertise with a culture grounded in integrity, accountability, and continuous learning.

Role Description

Hallie Morgan Technologies is seeking a highly skilled Cybersecurity SOC Analyst to support a mission-critical environment within DHS. This role goes beyond traditional monitoring and requires a hands-on operator capable of leading real-time incident investigations, conducting advanced threat hunting, and responding to sophisticated adversary activity across both IT and Operational Technology (OT) networks.

Location

Full-time position with hybrid flexibility between on-site work in Washington, D.C. and remote.

Schedule

Shift work required (6AM–2PM / 2PM–10PM), including occasional weekends and special events.

Education & Experience
• Bachelor’s degree in Cybersecurity, Information Technology, or related field (preferred)
• 4+ years of relevant IT or cybersecurity experience

Qualifications
• Active Top Secret clearance; eligibility for TS/SCI required (TS/SCI preferred)
• Strong experience with SIEM platforms (e.g., Elastic/ELK stack) and large-scale log analysis
• Deep understanding of network security monitoring using tools such as Zeek and Suricata
• Proven ability to analyze network traffic, identify anomalies, and detect malicious activity using metadata and packet-level insights
• Experience conducting proactive threat hunting across enterprise environments
• Working knowledge of TCP/IP networking and common protocols (DNS, HTTP/S, SMB, RDP)
• Working knowledge of Windows and Unix/Linux operating systems
• Working knowledge of enterprise infrastructure (routing, switching, firewalls, proxies, VPNs)
• Understanding of attacker tactics, techniques, and procedures (TTPs), including lateral movement, credential access, command-and-control, and data exfiltration
• Experience analyzing and correlating DNS, proxy, and firewall logs
• Experience analyzing and correlating Authentication logs (Active Directory)
• Experience analyzing and correlating IDS/IPS alerts and packet capture data
• Ability to pivot across indicators of compromise (IPs, domains, hashes, TLS fingerprints such as JA3)
• Familiarity with both IT and OT environments, including segmentation models and potential attack paths between them
• Strong analytical, problem-solving, and communication skills

Key Responsibilities
• Lead triage and investigation of security incidents, including ransomware, suspected data exfiltration, and advanced persistent threats
• Analyze alerts and telemetry to determine scope, impact, and root cause of incidents
• Execute and support containment and response actions while balancing operational and mission requirements
• Conduct advanced threat hunts using network and host-based telemetry to identify stealthy or low-and-slow attacker activity
• Leverage threat intelligence (IOCs, adversary infrastructure, malware behaviors) to proactively identify risks within the environment
• Pivot across multiple data sources to build a comprehensive attack narrative
• Monitor and investigate activity across both enterprise IT systems and OT environments
• Identify and assess potential attack paths between IT and OT systems, including DMZ traversal and protocol bridging systems
• Support secure operations of critical infrastructure systems while maintaining uptime and safety requirements
• Analyze high-volume datasets to detect anomalies and indicators of compromise
• Develop and refine detection logic, signatures, and use cases within SIEM and IDS/IPS platforms
• Research emerging threats, vulnerabilities, and adversary tactics to improve detection and response capabilities
• Evaluate intelligence feeds, alerts, and reports for relevance to the operational environment
• Contribute to the development and refinement of SOC playbooks, SOPs, and response procedures
• Document findings, timelines, and response actions clearly and concisely
• Communicate technical findings to both technical and non-technical stakeholders
• Provide actionable recommendations to improve overall security posture

Source: Learn4Good