Job Details
Position Title: Threat Management Specialist (Tier 2 SOC Analyst)
Location: Morrisville, NC
Clearance Requirements: Public Trust (Ability to Obtain)
Position Status: Full-Time | Contract
Pay Rate: Competitive, based on qualifications
Position Description:
We are seeking Threat Management Specialists (Tier 2) to support a 24x7 Cyber Security Operations Center (CSOC). In this role, you will perform advanced incident analysis, threat detection, and response activities by correlating data across network, endpoint, cloud, and email security platforms.
Tier 2 Analysts serve as escalation points for Tier 1, perform deep-dive investigations, and provide subject matter expertise in network-based attacks, intrusion methodologies, and threat intelligence. You will also contribute to the continuous improvement of SOC operations through automation, SOAR, and AI/ML-driven detection capabilities.
This position is ideal for security analysts who enjoy hands-on investigation, technical problem-solving, and applying modern security tooling to real-world threats.
Shift Details (Multiple Openings):
Position 1
Hours: 3:30 PM – 11:30 PM ET
Days Off: Tuesday & Wednesday
Position 2
Hours: 11:30 PM – 7:30 AM ET
Days Off: Saturday & Sunday
Key Responsibilities:
Perform Tier 2 incident analysis by correlating alerts, logs, and telemetry from multiple security platforms
Analyze network traffic to identify intrusions, exploits, and anomalous behavior
Investigate and respond to security incidents using established playbooks and SOPs
Provide subject matter expertise on network-based attacks, IDS/IPS, and intrusion techniques
Recommend and tune detection mechanisms for exploits and malicious activity
Escalate complex or high-impact incidents to senior threat management or response teams
Execute response actions and advise on containment and remediation strategies
Leverage AI/ML-based tools to improve detection accuracy, automate triage, and enhance threat intelligence
Analyze and operationalize threat intelligence to assess risk and adapt defenses
Manage and respond to email-based threats using Proofpoint
Configure and investigate security events using Splunk, including alert creation and log analysis
Monitor and analyze network activity using Cisco Firepower
Deploy and manage SentinelOne agents and investigate endpoint alerts
Monitor and respond to alerts across platforms such as:
Microsoft Defender XDR (Endpoint, Office 365, Cloud Apps)
Microsoft Entra ID (formerly Azure Active Directory)
Google Cloud Security Command Center (SCC)
Support SOC automation and SOAR initiatives, identifying opportunities to improve efficiency and response times
Stay current on emerging threats, threat actors, and cybersecurity trends
Required Skills & Education:
8–12 years of relevant cybersecurity or IT security experience
Bachelor’s degree in a related field (or equivalent experience in lieu of degree)
3+ years of IT security experience, with exposure to AI/ML or automation initiatives
2+ years of hands-on network traffic analysis experience
Strong understanding of:
TCP/IP fundamentals
Network-level exploits and intrusion techniques
IDS/IPS architectures, signatures, and anomaly-based detection
Threat management and incident response workflows
Experience with cloud security platforms (AWS, Azure, and/or Google Cloud Platform)
Hands-on experience with SOAR platforms and security automation
Familiarity with applying AI/ML techniques in a SOC environment, including:
Anomaly detection
Automated threat detection
Incident response automation
Behavioral analytics
Experience working with large datasets (logs, network traffic) for analysis and feature extraction
Strong communication, documentation, and collaboration skills
Ability to work independently and make sound decisions in a high-tempo environment
Preferred Certifications:
GIAC Certified Enterprise Defender (GCED)
GIAC Security Essentials (GSEC)
CISSP or SSCP