Incident Responder/SOC Analyst - Contract - Richmond, VA - $50.00 - $55.00/hr.
The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate's/applicant's qualifications, skills, and level of experience as well as the geographical location of the position.
Applicants must be legally authorized to work in the United States. Sponsorship not available.
Our client is seeking an Incident Responder/SOC Analyst in Richmond, VA.
Role Description
The Office of the Executive Secretary of the is seeking candidates for an Incident Responder / SOC Analyst to strengthen the cybersecurity capabilities of its IT operations. This role is critical in investigating and mitigating advanced cybersecurity threats to ensure the confidentiality, integrity, and availability of sensitive IT systems and data. This position offers an opportunity to contribute to the resilience and integrity of critical infrastructure in a collaborative, mission-driven judicial setting.
The selected candidate will handle tasks aligned with Tier 1 and Tier 2 SOC Analysts following the NICE framework. This includes monitoring multiple security platforms and managing security incidents, including performing in-depth investigations, monitoring threat intelligence, and performing containment and recovery activities. This position requires strong analytical skills, familiarity with security tools, and the ability to collaborate across teams to protect critical IT systems.
The most competitive applicants will have experience with cybersecurity tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, Duo, and Cloudflare. Experience with Active Directory, Azure AD, and ticketing systems like ServiceNow and Jira is highly desirable. Candidates should have strong knowledge of security concepts including Zero Trust architecture, Network Access Control (NAC), endpoint security, and other best practices in the cybersecurity industry.
In addition to other occasional tasks, the candidate's key responsibilities will be:
- Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from true positives.
- Investigate incidents, validating severity, scope, and potential impact.
- Analyze attack telemetry and convert raw data into actionable threat intelligence.
- Collaborate with and escalate to Tier 3 analysts or senior cybersecurity staff for complex cases requiring deep forensic analysis or malware reverse engineering.
- Leverage threat intelligence sources, such as IOCs, updated detection rules, MITRE ATT&CK, CISA advisories, and the Virginia Fusion Center, to enhance investigations and detection capabilities.
- Assist in designing and implementing containment strategies, including host isolation, account lockdown, and network segmentation.
- Coordinate recovery efforts to securely restore systems and prevent recurrence of incidents.
- Update and refine incident response playbooks and procedures based on postmortems, lessons learned, and emerging threats.
- Assist in SIEM tuning and detection rule optimization to reduce false positives and improve alert fidelity.
- Prepare detailed incident reports for internal stakeholders, ensuring clarity and completeness.
- Thoroughly document findings within case management and ticketing systems (timestamps, artifacts, actions taken).
- Collect and preserve evidence (logs, emails, file hashes, process trees) in accordance with standard operating procedures.
- Track and close tickets, ensuring SLAs are met and proper handoffs occur across shifts.
- Contribute to continuous improvement by providing feedback on alert quality and playbook enhancements to senior security staff and engineering teams.
Skills & Requirements
Minimum qualifications are the essential, non-negotiable requirements a candidate must meet to be considered for the position.
- 2-5 years of experience in cybersecurity operations, incident response, or working in a SOC environment.
- Strong understanding of:
  - Incident Response Lifecycle (NIST 800-61 or similar frameworks)
  - Threat intelligence and IOC correlation
  - Network protocols (TCP/IP, DNS, HTTP) and log analysis
- Proficiency with:
  - SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel, etc.)
  - EDR tools (e.g., CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.)
  - Threat intelligence platforms and IOC feeds
- Familiarity with incident handling concepts (NIST 800-61) and the basic incident response lifecycle.
- Familiarity with Active Directory, Azure AD, and identity management concepts.
- Scripting knowledge using tools such as PowerShell or Python for automation and data parsing.
- Ability to contain and remediate incidents using established playbooks and best practices.
- Excellent documentation and communication skills for both technical and non-technical audiences.
Preferred qualifications are desirable but non-mandatory job skills, experience, or education that make an applicant an ideal candidate, helping them stand out among other applicants who meet the minimum qualifications.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
- Industry certifications (earned or in-progress) such as:
  - CompTIA Security+, CySA+
  - GIAC certifications (GCIA, GCIH, GCFA)
  - CISSP (in-progress acceptable)
  - Microsoft certifications (SC-900, SC-200)
  - Splunk Core User or equivalent
- Experience with:
  - SOAR automation for incident response workflows
  - Packet capture and analysis tools (e.g., Wireshark)
  - Cloud security concepts and tools (Azure, AWS)
Benefits/Other Compensation
This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).
Why Hays?
You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there's a position you really want, you're fully prepared to get it.
Nervous about an upcoming interview? Unsure how to write a new resume?
Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.
Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays' guiding principles is 'do the right thing'.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.
In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text .
Drug testing may be required; please contact a recruiter for more information.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 80144310
- Position Id: 1182545