Position Summary
The Security Operations Analyst 3 performs senior-level security analysis for the NIGC with minimal supervision. This individual maintains continuous threat awareness, analyzes logs and reports from the agency security tool set, drives a disciplined daily analysis routine, and contributes directly to detection tuning, incident response, and security metrics reporting.
Key Responsibilities
• Perform all security analysis activities in accordance with established standards.
• Maintain threat awareness and monitor NIGC information systems for exploits and suspicious activity, and analyze aggregated logs and reports from security tools.
• Develop a daily security analysis and reporting checklist and execute the activities it defines.
• Evaluate the effectiveness of security analysis activities against best practices and recommend improvements.
• Adhere to continuous monitoring practices to evaluate the effectiveness of implemented controls and execute proactive threat hunting that protects the confidentiality, integrity, and availability of NIGC information systems.
• Develop detection and response configuration policies that increase automation and alerting.
• Develop incident handling procedures and execute incident response activities in accordance with the NIGC incident response plan.
• Validate that sufficient and relevant information is captured and retained from security tools to support security awareness and incident investigations.
• Collect security operations performance and NIGC security posture management metrics, and prepare threat reports that inform risk management decisions.
Required Qualifications
• Minimum of six continuous years performing in a senior security operations analyst or incident response role. Demonstrated hands-on experience is mandatory and may not be substituted.
• Working proficiency with SIEM analysis, Syslog and log management, EDR and NDR telemetry, threat hunting, and incident response within Microsoft 365 and Azure environments, supported by familiarity with Cisco networking and firewalls and PowerShell.
• Relevant industry certifications are preferred where practicable, such as Microsoft SC-200, GIAC GCIA IH, CompTIA CySA+, or Security+. Relevant certifications may be substituted for a formal college degree; hands-on experience may not be substituted.