Junior Security Operations Center SOC Analyst with Security Clearance

Job Description

Company: Karthik Consulting LLC

Location: Washington, US

For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues.
We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space.
Karthik Consulting is seeking a Jr.
Security Operations Center (SOC) Analyst with the below skillset.
Jr.
Security Operations Center (SOC) Analyst Fulltime with Karthik Consulting
Location:
This is a hybrid role with flexibility to be on-site based in the NCR.
Clearance:
Secret
Schedule:
The standard requirement is five (5) days per week.
Due to nature of work, it requires effective response 24x7x365.
Karthik Consulting is seeking a mission-focused Entry-Level SOC Analyst to support the Transportation Security Administration (TSA) Information Assurance and Cybersecurity Division (IAD) Computer Network Defense (CND) Security Operations Center (SOC).
Program Scope
The SOC Analyst will perform 247365 continuous security event monitoring and initial triage using the TSA SIEM platform, document security events and incidents, and escalate potential threats in accordance with TSA Standard Operating Procedures (SOPs), the Concept of Operations (CONOPS), and strict Service Level Agreements (SLAs).
Required Skills:
1-2 years of experience in a Security Operations Center (SOC), Network Operations Center (NOC), or IT/help-desk environment with exposure to security monitoring.
Basic understanding of enterprise operating systems (Windows, Linux, macOS) and common network protocols(TCP/IP, UDP, ICMP, DNS, DHCP, HTTP/HTTPS).
Ability to monitor and analyze security logs and events from a wide range of sources, including firewalls, IDS/IPS, HIDS/HIPS, web proxies, vulnerability scanners, routers (NetFlow), VPNs, endpoint protection tools, server logs, cloud infrastructure (AWS, Azure, etc.), and non-traditional feeds (HR data, badging, physical security).
Strong documentation skills and the ability to follow detailed SOPs and escalation procedures.
Preferred Qualifications Familiarity with SIEM platforms and basic log analysis/querying.
Experience opening and managing tickets in a case/incident tracking system (Archer, ServiceNow, Remedy, or similar).
Understanding of basic adversary tactics and common indicators of compromise.
Prior exposure to vulnerability scan data or endpoint security tools (e.g., Nessus, Tanium).
Strong written and verbal communication skills with the ability to produce clear, concise case notes.
Ability to work effectively in a 247365 shift environment.
Key responsibilities Monitor and analyze security events and alerts in the TSA SIEM on a 247365 basis to identify suspicious or malicious activity.
Proficient in Splunk, including hand-on experience writing queries using SPL.
Open cases in the TSA SOC incident tracking application within 15 minutes of detecting critical/high events.
Open cases in the TSA SOC incident tracking application within 60 minutes of detecting medium events.
Open cases in the TSA SOC incident tracking application within 4 hours of detecting low events.
Collect and document minimum incident details (date/time, description, impacted devices, severity, etc.) and record all associated artifacts to support investigations.
Escalate confirmed incidents to the TSA CSIRT/CSWO team and IT management per established SOPs, ensuring documented hand-offs.
Report security event feed outages or tool issues.
Support After Action Reports (AARs) for significant cases and contribute to the SOC knowledge base (SharePoint).
Maintain accurate audit trails and records in accordance with TSA record management policies Qualifications Education:

Minimum Requirement:
High school diploma required; Associate’s or bachelor’s degree in Cybersecurity, IT, or related field preferred.
Minimum Experience:
Professional Certifications
CompTIA Security+ (or equivalent DoD 8570/8140-compliant certification) required or must be obtained within 6 months of start.

Source: Jobilize