Network Security Monitoring Analyst

The work

The Network Security Monitoring Analyst is a vital member of the Security Operations Center (SOC), serving as the first line of defense against cyber threats. This role involves continuous monitoring of security systems, analyzing alerts, identifying potential incidents, and responding swiftly to mitigate risks. Analysts leverage a variety of security tools, threat intelligence, and established procedures to maintain a strong security posture. This role requires a blend of technical expertise, analytical thinking, strong communication skills, and a commitment to continuous learning.

Key responsibilities:

• Actively monitor SIEM, IDS/IPS, EDR, firewalls, and other security systems for suspicious activity
• Triage and analyze security alerts, identifying true threats vs. false positives
• Support incident response activities including triage, containment, eradication, and recovery
• Analyze security logs and correlate events across multiple sources
• Integrate threat intelligence into monitoring workflows and incident investigations
• Document incident details, timelines, and actions taken
• Assist in tuning, configuring, and maintaining security tools
• Support compliance initiatives aligned to NIST, FISMA, and internal policies
• Collaborate with SOC team members, incident responders, and IT operations
• Maintain awareness of emerging cyber threats, vulnerabilities, and security practices

Here’s what you need:

• Bachelor’s degree in computer science, information technology, cybersecurity, or equivalent experience
• Proven experience working in a SOC or similar cybersecurity environment
• Strong understanding of networking concepts and protocols (TCP/IP, DNS, HTTP, etc.)
• Proficiency using SIEM tools, especially Splunk
• Familiarity with IDS/IPS, EDR, and other security platforms (Snort, Suricata, CrowdStrike, SentinelOne)
• Basic to intermediate scripting skills (Python, Bash) for automation and analysis
• Strong analytical and problem‑solving skills
• Excellent communication and teamwork abilities
• Ability to operate in a fast‑paced 24/7 SOC environment
• Knowledge of common operating systems (Windows, Linux, macOS)
• Understanding of cloud security concepts

Nice to have:

• Relevant cybersecurity certifications (Security+, CySA+, CEH, GCIA, etc.)
• Experience with log correlation, threat hunting, or SOC automation
• Familiarity with MITRE ATT&CK or other threat‑behavior frameworks
• Experience tuning SIEM rules, dashboards, and detection logic
• Exposure to digital forensics or malware analysis

Eligibility requirements:

• Must be able to obtain and maintain a Public Trust government clearance
• Ability to work shift schedules as part of a 24/7 SOC operation