Job#: 3022407
Job Description:
Apex Systems is seeking an Incident Responder/SOC Analyst to fill a long-term position with a client in Richmond, Virginia.
JOB TITLE: Incident Responder / SOC Analyst
WORK MODEL: Hybrid-telework. The position will average three (3) to four (4) days a week onsite in Richmond, VA. The teleworking ability and schedule will be determined by the reporting manager. Note: during initial training, the selected candidate may be required to be on site up to five (5) days a week.
TRAVEL: Occasional travel may be required. Approved travel expenses will be reimbursed (details provided during onboarding and orientation).
POSITION SUMMARY
Apex Systems is seeking candidates for an Incident Responder / SOC Analyst to strengthen the cybersecurity capabilities of the client's IT operations. This role is critical in investigating and mitigating advanced cybersecurity threats to ensure the confidentiality, integrity, and availability of sensitive IT systems and data. This position offers an opportunity to contribute to the resilience and integrity of critical infrastructure in a collaborative, mission-driven judicial setting. The selected candidate will handle tasks aligned with the Tier 1 and Tier 2 SOC Analyst work roles described in the NICE Workforce Framework. This includes monitoring multiple security platforms and managing security incidents, including performing in-depth investigations, monitoring threat intelligence, and performing containment and recovery activities. This position requires strong analytical skills, familiarity with security tools, and the ability to collaborate across teams to protect critical IT systems.
The most competitive applicants will have experience with cybersecurity tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, Duo, and Cloudflare. Experience with Active Directory, Azure AD, and ticketing systems like ServiceNow and Jira is highly desirable. Candidates should have strong knowledge of security concepts, including Zero Trust architecture, Network Access Control (NAC), endpoint security, and other best practices in the cybersecurity industry.
KEY RESPONSIBILITIES
In addition to other occasional tasks, the candidate's key responsibilities will be:
Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from true positives.
Investigate incidents, validating severity, scope, and potential impact.
Analyze attack telemetry and convert raw data into actionable threat intelligence.
Collaborate with and escalate to Tier 3 analysts or senior cybersecurity staff for complex cases requiring deep forensic analysis or malware reverse engineering.
Leverage threat intelligence sources, such as IOCs, updated detection rules, MITRE ATT&CK, and CISA advisories, to enhance investigations and detection capabilities.
Assist in designing and implementing containment strategies, including host isolation, account lockdown, and network segmentation.
Coordinate recovery efforts to securely restore systems and prevent recurrence of incidents.
Update and refine incident response playbooks and procedures based on postmortems, lessons learned, and emerging threats.
Assist in SIEM tuning and detection rule optimization to reduce false positives and improve alert fidelity.
Prepare detailed incident reports for internal stakeholders, ensuring clarity and completeness.
Thoroughly document findings within case management and ticketing systems (timestamps, artifacts, actions taken).
Collect and preserve evidence (logs, emails, file hashes, process trees) in accordance with standard operating procedures.
Track and close tickets, ensuring SLAs are met and proper handoffs occur across shifts.
Contribute to continuous improvement by providing feedback on alert quality and playbook enhancements to senior security staff and engineering teams.
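The responsibilities above call for correlating SIEM and EDR telemetry against IOCs, separating false positives from true positives, and preserving evidence with timestamps, artifacts, and hashes. The Python sketch below is an added illustration of that workflow; it is not part of this posting and not Apex or client tooling. It correlates constructed proxy and EDR log lines against a constructed IOC set, suppresses network-indicator hits from an assumed allowlisted vulnerability scanner while still escalating a known-bad hash anywhere, orders findings by timestamp, and records a SHA-256 over the preserved raw lines for the case file. The log formats, host names, indicators, and severity heuristic are all assumptions made for the example.

```python
"""Added example: IOC correlation and case-note generation over constructed telemetry."""
import hashlib
import json
import re
from dataclasses import dataclass, asdict

# Constructed IOC set for this example (hypothetical indicators, not from any real feed).
IOCS = {
    "domain": {"update-cdn.example-bad.test"},
    "ip": {"203.0.113.45"},          # TEST-NET-3 range, reserved for documentation
    "sha256": {"deadbeef" * 8},      # obviously synthetic hash
}

# Assumed allowlist: an internal vulnerability scanner whose probes routinely trip
# network indicators. Applied to network IOCs only; a known-bad binary executing
# on the scanner itself is still a true positive.
ALLOWLISTED_HOSTS = {"vuln-scanner-01"}

# Constructed proxy log layout: "<ts> proxy host=<h> dst=<ip> url=<url>".
PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy host=(?P<host>\S+) dst=(?P<dst>\S+) url=(?P<url>\S+)$")


@dataclass
class Finding:
    timestamp: str
    host: str
    source: str     # "proxy" or "edr"
    artifact: str   # observable that matched the IOC
    ioc_type: str
    severity: str
    raw: str        # original log line, preserved verbatim for the case file


def severity_for(ioc_type: str) -> str:
    # Heuristic used here: confirmed execution of a known-bad binary outranks a
    # network indicator, which may be a blocked request or a false positive.
    return "high" if ioc_type == "sha256" else "medium"


def check_proxy(line: str):
    m = PROXY_RE.match(line)
    if not m:
        return None
    ts, host, dst, url = m.group("ts", "host", "dst", "url")
    fqdn = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0]
    if dst in IOCS["ip"]:
        return Finding(ts, host, "proxy", dst, "ip", severity_for("ip"), line)
    if fqdn in IOCS["domain"]:
        return Finding(ts, host, "proxy", fqdn, "domain", severity_for("domain"), line)
    return None


def check_edr(line: str):
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if ev.get("sha256", "").lower() in IOCS["sha256"]:
        artifact = f'{ev.get("parent", "?")} -> {ev.get("image", "?")}'   # process tree fragment
        return Finding(ev["ts"], ev["host"], "edr", artifact, "sha256", severity_for("sha256"), line)
    return None


def triage(lines):
    """Return (findings sorted by timestamp, SHA-256 over the preserved raw lines)."""
    findings = []
    for line in lines:
        f = check_proxy(line) or check_edr(line)
        if f is None:
            continue
        if f.ioc_type in ("ip", "domain") and f.host in ALLOWLISTED_HOSTS:
            continue    # known-benign source for a network IOC: record nothing, treat as false positive
        findings.append(f)
    findings.sort(key=lambda f: f.timestamp)   # ISO-8601 UTC strings sort chronologically
    evidence_hash = hashlib.sha256("\n".join(lines).encode()).hexdigest()
    return findings, evidence_hash


# Constructed sample telemetry (not real data).
SAMPLE_LINES = [
    "2024-05-06T09:14:02Z proxy host=ws-042 dst=198.51.100.7 url=http://update-cdn.example-bad.test/stage2.bin",
    "2024-05-06T09:14:05Z proxy host=vuln-scanner-01 dst=203.0.113.45 url=http://203.0.113.45/",
    "2024-05-06T09:15:11Z proxy host=ws-017 dst=198.51.100.20 url=https://intranet.example.test/",
    '{"ts": "2024-05-06T09:14:09Z", "host": "ws-042", "parent": "outlook.exe", "image": "stage2.exe", "sha256": "' + "deadbeef" * 8 + '"}',
    '{"ts": "2024-05-06T09:16:30Z", "host": "ws-017", "parent": "explorer.exe", "image": "notepad.exe", "sha256": "' + "00" * 32 + '"}',
]

if __name__ == "__main__":
    found, digest = triage(SAMPLE_LINES)
    for f in found:
        print(json.dumps(asdict(f)))
    print("evidence sha256:", digest)
```

Run against the sample lines, the scanner's hit on the IOC address is dropped while the workstation's domain hit and the hash match on the same host survive, giving an analyst the two events to correlate into one incident and a digest that can be recorded in the ticket alongside the preserved raw lines.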
MINIMUM QUALIFICATIONS
Minimum qualifications are the essential, non-negotiable requirements a candidate must meet to be considered for the position.
2-5 years of experience in cybersecurity operations, incident response, or working in a SOC environment.
Strong understanding of:
o Incident Response Lifecycle (NIST SP 800-61 or similar frameworks)
o Threat intelligence and IOC correlation
o Network protocols (TCP/IP, DNS, HTTP) and log analysis
Proficiency with:
o SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel, etc.)
o EDR tools (e.g., CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.)
o Threat intelligence platforms and IOC feeds
Familiarity with incident handling concepts (NIST 800-61) and the basic incident response lifecycle.
Familiarity with Active Directory, Azure AD, and identity management concepts.
Scripting knowledge using tools such as PowerShell or Python for automation and data parsing.
Ability to contain and remediate incidents using established playbooks and best practices.
Excellent documentation and communication skills for both technical and non-technical audiences.
PREFERRED QUALIFICATIONS
Preferred qualifications are desirable but non-mandatory job skills, experience, or education that make an applicant an ideal candidate, helping them stand out among other applicants who meet the minimum qualifications.
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
Industry certifications (earned or in-progress) such as:
o CompTIA Security+, CySA+
o GIAC certifications (GCIA, GCIH, GCFA)
o CISSP (in-progress acceptable)
o Microsoft certifications (SC-900, SC-200)
o Splunk Core User or equivalent
Experience with:
o SOAR automation for incident response workflows
o Packet capture and analysis tools (e.g., Wireshark)
o Cloud security concepts and tools (Azure, AWS)
Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process.
Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401(k) program, which typically allows you to contribute within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program, and other discounts. In terms of professional development, Apex hosts an on-demand training program; provides access to certification prep and a library of technical and leadership courses, books, and seminars once you have 6+ months of tenure; and offers certification discounts and other perks through associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams, and resources within our 'Welcome Packet' as well, which an Apex team member can provide.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: apexsan
- Position Id: BHJOB2374_3022407