SOC Analyst - Hybrid

Job Title: Information Security Spec II

Location: 3170 Fairview Park Drive Falls Church, Virginia 22042 (Hybrid)

Clearance Level: Active DoD - Secret

Required Certification(s): 

  • DoD IAT Level III Certification. 

SUMMARY

XOR Security, an Agile Defense Company, is seeking qualified candidates to join our team on the Army National Guard (ARNG) Guard Enterprise Cyber Operations Support (GECOS) project. The GECOS project is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG's global Information Technology (IT) services, including networking, computing, storage, infrastructure, applications, hosting, and program management services. The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services.


  • Review the ingestion of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts from external sources and determine their applicability to the environment.
  • Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
  • Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
  • Respond to computer security breaches and viruses.
  • Perform correlation activities and trend analysis to discover attack patterns and assess the risks and potential exposure of assets.
  • Ensure continued security of the network and proactive enhancement of cybersecurity to meet evolving and emerging threats, to include compliance with DoD Risk Management Framework (RMF) and continuous monitoring requirements.
  • Be responsible for monitoring enterprise systems, defending against security breaches, and identifying, investigating, and mitigating cybersecurity threats, including managing the operation of the SOC and the performance of ARNG RCC-NG SOC activities 24/7/365 to protect DOD information systems and infrastructure.
  • Compile and interpret the information received about emerging threats at different classification levels through data feeds from Internet security firms, Government organizations, private industry, and foreign governments into actionable monitoring either by developing custom content or by means suggested by the contractor.
  • Identify potential threats based on utilized hardware and software and identify current and evolving hacking tools and methodologies available to disrupt these systems.
  • Correlate data feeds and logs against known threats and incidents.
  • Build, implement, and refine event correlation rules, logic, content, and analysis techniques that will enable SOC personnel to correlate events and security incidents with specific sources, such as individuals, threat actors, IT systems, devices, and IP addresses.
  • Perform correlation activities and trend analysis to discover attack patterns and assess the risks and potential exposure of assets; develop and enhance correlation rules, logic, and analysis techniques for associating data.
  • Determine risks to the enterprise and develop mitigations and/or countermeasures in coordination with the RCC-NG.
  • Assist with the authoring and review of cyber intelligence information based on knowledge of adversary capabilities, intentions, and Techniques, Tactics, and Procedures (TTPs).
  • Fuse cyber threat, vulnerability, and asset management information from strategic partners across the network.
  • Report cyber threat, vulnerability, and asset management data to ARNG leadership and the RCC-NG.
  • Provide situational awareness to other SOC analysts, incident responders, ARNG leadership, RCC-NG, and strategic enterprise level decision makers.
  • Communicate methods for detecting activities of specific threats and plan operations to mitigate or disrupt the threat as part of the overarching CND.
  • Collaborate in the development of enterprise-level playbooks for automation and orchestration.


  • Provide guidance to junior-level staff, as necessary.

QUALIFICATIONS

Required Certifications

  • Possess the appropriate baseline certifications to achieve DoD 8570.01-M Information Assurance Technical (IAT) Level III.

Education, Background, and Years of Experience

  • BA/BS or higher in a related field. 
  • 5 years of experience in security engineering, with a focus in data feeds and Computer Network Defense (CND).


  • Experience managing firewall, SIEM tools, IDS/IPS, and router ACL policies.
  • Experience with vulnerability management assessment and mitigation.
  • An active Secret DoD Security Clearance.

Closing Statement: 

XOR Security, an Agile Defense Company, offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation, and supplemental insurance benefits.

XOR Security, an Agile Defense Company, is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement: Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.