Role: Security Analyst - Incident Response & Threat Hunting (Tier 2) - W2 Only
Work Location: Full-Time Remote (On-site in Columbia, SC as needed)
Duration of the Contract: 12 Months with Possibility for Extension
Interview Process: 1 Round of Virtual/Online Interviews - potential for second round of in-person interviews
Position Overview
IRG Clients is seeking a highly analytical and proactive SOC Analyst to support enterprise security monitoring, incident response, and threat hunting operations. This role is critical in identifying complex attack patterns, investigating suspicious activity, and improving detection capabilities across the security ecosystem.
The ideal candidate will have hands-on experience correlating events across SIEM, EDR, IDS/IPS, and threat intelligence platforms, and will be comfortable performing deep technical investigations while contributing to SOC process maturity and continuous improvement.
Key Responsibilities
- Continuously monitor and correlate security events across SIEM, EDR, IDS/IPS, and threat intelligence sources to detect advanced threats and security incidents.
- Perform deep-dive analysis of alerts and suspicious activities to validate incidents, determine root cause, assess impact, and escalate critical issues to Tier 3 with detailed context.
- Investigate user-reported phishing attempts, malware infections, and policy violations; provide guidance on containment and recovery.
- Create comprehensive incident reports, timelines, and post-incident summaries including lessons learned and remediation recommendations.
- Proactively hunt for threats using current tactics, techniques, and procedures (TTPs) and newly integrated threat intelligence feeds.
- Recommend and implement improvements to SOC playbooks, workflows, detection rules, alert thresholds, and correlation logic to reduce false positives.
- Collaborate with engineering teams to ensure monitoring tools are optimally configured, tuned, and integrated.
- Serve as a customer-facing SME by demonstrating SOC capabilities and effectively resolving security concerns.
- Document SOC processes, runbooks, and troubleshooting procedures.
- Coordinate with SOC, engineering, and agency staff to meet operational security goals.
- Perform other duties as assigned.
Required Skills (in order of importance)
- 2+ years of experience in security monitoring and incident response.
- 2+ years of experience working with the MITRE ATT&CK framework.
- 2+ years of experience in dashboard creation and security reporting.
Preferred Skills (in order of importance)
- Experience with Palo Alto Cortex XSIAM/XDR platform.
- Knowledge of Linux, network administration, and network design.
- Experience administering firewalls, VPN technologies, Active Directory, and IDS/IPS systems.
- Local to Columbia, SC or surrounding areas.
Required Education / Experience
- Associate’s degree in Information Technology, Information Security, or related field.
OR
- Four (4) years of relevant work experience in lieu of degree.
- Minimum two (2) years supporting large SOC operations.
Preferred Certifications
- CISSP, CISA, CISO, or equivalent advanced security certification.
- Additional certifications such as CEH, OSCP, GPEN.
- Vendor-specific information security certifications.