Security Analyst / Tier 2 SOC Analyst

We are seeking a Tier 2 SOC Analyst to support statewide security incident response efforts. This role focuses on security monitoring, threat detection, security incident response, security investigations, and engagement with state agencies to promote and support centralized security services. The engagement is expected to last 12 months with the possibility of extension. Preference will be given to candidates who can work onsite, followed by hybrid candidates.

Key Responsibilities
• Continuously review and correlate security event data across SIEM, EDR, IDS/IPS, and threat intelligence sources to identify attack patterns, emerging threats, and security incidents.
• Perform deep-dive analysis of suspicious activity, validate incidents, determine root cause and impact, and escalate critical incidents to Tier 3 as required.
• Create detailed incident reports, timelines, and post-incident summaries, including recommendations for remediation and preventative measures.
• Investigate user-reported phishing attempts, malware infections, and potential policy violations.
• Advise users and internal/external teams on containment and recovery actions.
• Recommend updates to SOC playbooks and workflows based on investigation findings.
• Fine-tune detection rules, alert thresholds, and correlation logic to reduce false positives and improve threat coverage.
• Collaborate with engineering teams to ensure monitoring tools are properly configured and tuned.
• Integrate new threat intelligence feeds into workflows and proactively conduct threat hunting activities using current tactics, techniques, and procedures (TTPs).
• Serve as a customer-facing subject matter expert, demonstrating the value of DIS services and resolving issues.
• Document SOC processes, runbooks, and troubleshooting procedures.
• Coordinate with engineering, SOC, and agency staff to achieve operational goals.
• Perform other duties as assigned.

Required Qualifications
• 2+ years of experience with security monitoring and incident response.
• 2+ years of experience with the MITRE ATTACK framework.
• 2+ years of experience with dashboard creation and reporting.
• Associate’s degree in an information technology or information security-related field.
• Four years of relevant work experience may be substituted in lieu of education.

Preferred Qualifications
• Experience with the Palo Alto Cortex XSIAM/XDR platform.
• Knowledge of Linux, network administration, and network design.
• Experience administering firewalls, VPN technology, Active Directory, and intrusion detection/prevention systems.
• Local to Columbia, SC or surrounding areas in South Carolina.
• CISSP, CISA, CISO, or equivalent advanced security certification.
• Additional relevant certifications such as CEH, OSCP, or GPEN.
• Vendor certifications related to information security.