INFO SECURITY ANALYST IV

  • Washington, DC
  • Posted 6 days ago | Updated moments ago

Overview

On Site
USD 50.00 - 55.00 per hour
Contract - W2
Contract - Independent

Skills

Information Security
Security Operations
Network Security
Backup
Leadership
SIEM
Regulatory Compliance
Data Integration
Microsoft Windows
Endpoint Protection
Build Automation
Orchestration
Engineering Design
Analytical Skill
IT Operations
Training
Documentation
Process Improvement
Gap Analysis
Tier 3
Onboarding
Normalization
Regular Expression
Fluency
Scripting
Windows PowerShell
Python
Management
Cloud Computing
Network
Incident Management
Workflow
Communication
Collaboration
Security Clearance
Cyber Security
Microsoft
Machine Learning (ML)
Analytics
System On A Chip
Dashboard
Microsoft Azure
ServiceNow
CISA
Clinical Data Management
CISSP
CISM
Finance
Accounting
Marketing
Legal
Customer Support
Online Training
Artificial Intelligence
Insurance
.NET

Job Details

Description

SOC Engineer

Location: Washington DC

Clearance: Public Trust (Must be eligible)

Duration: 6-month Contract to Hire

Position Overview

We are seeking a skilled and motivated SOC Engineer to join our cybersecurity operations team. This role is focused on engineering data feed solutions for the Security Operations Center (SOC), implementing SOAR capabilities, and ensuring the health and performance of data integrations through collaboration across technical teams.

The ideal candidate will bring deep cybersecurity expertise, particularly in network security, SIEM/SOAR platforms, incident response, and threat detection. This position also serves as the backup SOC Lead, stepping in to manage operations, escalations, and leadership communications during critical incidents when the primary lead is unavailable.

Key Responsibilities
  • Microsoft Sentinel Engineering: Maintain and optimize Microsoft Sentinel SIEM/SOAR solutions in accordance with client needs and federal compliance standards.
  • Data Integration: Configure and manage log/data feeds from various sources including Fluent Bit, Windows Events, M365, cloud services, and endpoint/security platforms.
  • Parsing & Normalization: Develop and refine log parsing rules using Regex, DCRs, and custom transformations to ensure accurate data ingestion.
  • SOAR Development: Build automation and orchestration workflows using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripting.
  • Threat Detection Engineering: Design and tune analytic rules, UEBA, dashboards, and reports to enhance threat detection and response capabilities.
  • Cross-Team Collaboration: Work closely with network, endpoint, cloud, and IT operations teams to onboard new data sources and improve SOC functionality.
  • Documentation & Training: Create and maintain documentation for SOC architecture, onboarding processes, and automation playbooks; train SOC analysts on new tools and procedures.
  • Process Improvement: Conduct gap analyses and recommend enhancements to SOC capabilities and maturity.
  • Incident Response Support: Provide Tier 3 support and assist in complex investigations as needed.


Requirements

Required Qualifications
  • 2-5 years of experience in SOC engineering, network defense, or cybersecurity operations.
  • Hands-on experience with Microsoft Sentinel, including log onboarding, rule creation, and automation.
  • Proficiency in log parsing and normalization (Regex, Fluent Bit, DCRs, KQL).
  • Strong scripting skills in PowerShell and/or Python.
  • Experience managing data feeds across cloud, endpoint, network, and on-prem environments.
  • Familiarity with incident response, threat detection, and SOAR workflows.
  • Excellent communication skills and ability to collaborate across technical and non-technical teams.
  • Ability to obtain a Public Trust Clearance.

Preferred Qualifications
  • Knowledge of federal cybersecurity mandates (e.g., M-21-31, NIST CSF, CISA Playbooks, BOD 22-01).
  • Experience with Microsoft Logic Apps, Azure Functions, or other SOAR platforms.
  • Familiarity with UEBA configuration and anomaly detection.
  • Exposure to AI/ML frameworks for cyber analytics.
  • Experience building SOC metrics, dashboards, and operational reports.
  • Familiarity with M365, Azure security tools, ServiceNow, and CISA CDM tools.
  • Relevant certifications such as CISSP, CISM, SC-200, or AZ-500.


Technology Doesn't Change the World, People Do.

Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.

Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.

All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.

© 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking "Apply Now," you're agreeing to Robert Half's Terms of Use.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.