Senior SOC Analyst with InsightIDR Certified Specialist

  • Arlington, VA
  • Posted 1 day ago | Updated 1 day ago

Overview

On Site
$120,000 - $130,000
Full Time

Skills

SOC
Rapid7
NIST
Automation

Job Details

Role: Senior SOC Analyst
Location: Arlington, VA (onsite)
Job Type: Full-Time


Core Responsibilities

  • Lead Tier 2/3 incident investigations across classified and unclassified networks.
  • Use frameworks such as NIST 800-61, MITRE ATT&CK, and the DoD Cyber Kill Chain for structured IR.
  • Coordinate response with counterintelligence, compliance, and federal authorities as required.
  • Manage and optimize Rapid7 InsightIDR, InsightConnect, Nexpose, and InsightVM:
    • Rapid7 InsightIDR (XDR + SIEM) for real-time detection and analytics.
    • Rapid7 InsightConnect (SOAR) to automate IR playbooks.
    • Rapid7 Nexpose & InsightVM to identify, assess, and prioritize vulnerabilities across hybrid environments.
  • Correlate vulnerabilities with threat data to prioritize remediation of exploitable risks.
  • Build automation workflows for patching and remediation through Ansible and Puppet.
  • Conduct proactive threat hunting against nation-state adversaries using SIEM queries and Python scripts.
  • Conduct continuous threat hunting using Python and SIEM queries (KQL, SPL, SQL-like languages).
  • Develop advanced detection logic mapped to MITRE ATT&CK TTPs.
  • Integrate threat intelligence feeds (STIX/TAXII, MISP, DoD threat intel sources) into SOC workflows.
  • Python: Write custom scripts for IOC enrichment, API integrations, and log analysis.
  • Ansible: Automate system hardening, patch management, and incident response workflows.
  • Puppet: Standardize secure baselines across Linux/Windows systems in both classified and commercial networks.
  • Develop reusable automation playbooks integrated with Rapid7 SOAR.
  • Secure workloads across AWS GovCloud, Azure Government, and Boeing's private cloud infrastructure.
  • Monitor Kubernetes and containerized defense applications for runtime anomalies.
  • Implement identity/security policy enforcement across multi-cloud and hybrid environments.
  • Ensure compliance with CMMC, NIST 800-171, NIST 800-53, ITAR, and FedRAMP.
  • Maintain audit-ready documentation for DoD and regulatory inspections.
  • Support Boeing's supply chain cybersecurity programs, ensuring third-party compliance.

Required Skills & Experience

  • 10+ years in SOC operations, threat detection, and incident response.
  • Hands-on experience with the Rapid7 ecosystem (InsightIDR, InsightConnect, Nexpose, InsightVM).
  • Strong automation experience using Python, Ansible, and Puppet.
  • Familiarity with PowerShell and Bash scripting for cross-platform automation.
  • Deep knowledge of nation-state threat actors, APT techniques, and defense cyber operations.
  • Experience with SIEM, SOAR, IDS/IPS, EDR/XDR, firewalls, and vulnerability management.
  • Strong communication skills and the ability to brief executives and federal stakeholders.

Education & Certifications

  • Bachelor's degree in Cybersecurity, Computer Science, or a related field.
  • Certification required: InsightIDR Certified Specialist

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Best Peers