Cybersecurity/SOC Analyst

Remote - Morrisville, North Carolina, United States

Applications have closed
phia LLC

Posted 1 month ago

OVERVIEW: phia LLC is seeking skilled mid to senior Cybersecurity/SOC analysts to support a large Federal Security Operations Center (SOC). This support contract provides a broad range of cyber services to all components under the CISO including cyber operations, cyber risk, security engineering and digital integration departments. The client’s enterprise consists of over 600,000 employees, 500,000 devices, 200,000 enterprise email accounts, 200,000 endpoints, 800 firewall sets, and 640+ URLs of which 350 require web application firewall protection. This job is located in Morrisville, NC with full remote work during the pandemic. Preferred candidates will live within commutable distance or be willing to eventually relocate.


  • Perform event analysis and incident handling leveraging a full security stack (SIEM, EDR, NIDS, etc.)
  • Handle incidents as defined in Playbooks and SOPs.
  • Technical analysis of network and host data via SIEM technology platforms (Splunk, ArcSight, McAfee Nitro, etc.)
  • Technical analysis of network and host activity; the analyst monitors and evaluates network flow data, signature-based IDS events and full packet capture (PCAP) data. Review host logs and other witness device logs.
    • Triage IDS alerts; collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, prepare initial summary reports.
    • Monitor and analyze signature-based IDS alerts and associated PCAP data
    • Analyze network flow data for anomalies and to correlate reporting with enterprise-wide network activity
    • Operating system and other host level logs
    • Analyzing output from anti-virus, host-based security solutions, malware analysis platforms and other system-level utilities (e.g. SysInternals, McAfee, Symantec, Tanium, FireEye HX, Bit9/Carbon Black)
    • Document key event details and analytic findings in an incident management system
  • Perform high-level incident handling functions to include:
    • Assist in providing oversight and assessment of incident response and triage actions across a large enterprise
    • Identify & extract network indicators from incident reporting and published technical advisories/bulletins
    • Perform incident correlation & escalation
    • Advise on remediation actions.
  • Produce final reports and peer review incident reports from other SOC analysts.
  • Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.
  • Assess cyber indicators/observables and collaborate in the development of IDS signatures and detection mechanisms.
  • Monitor and report on trends and activity on network sensor platforms.
  • Document key event details and analytic findings in the SOC’s incident management system (e.g. ServiceNow).
  • Familiarity with ticketing systems (e.g. Remedy, Jira, ServiceNow).
  • Provide technical assessments of cyber threats and vulnerabilities.
  • Produce and update network analysis and incident handling documentation and SOPs.



  • Must be a U.S. Citizen
  • 2+ years of relevant work experience
  • Ability to obtain Public Trust


  • Bachelor's Degree or equivalent experience in a technical or related field
  • Related security certifications: Sec+, CEH, GCIH, GCIA or other related professional certifications
  • Working knowledge or experience with host level security tools, network security tools IDS/IPS, SIEM, and other security systems/sensors
  • Familiarity with malware analysis and cyber threat/intel analysis

WORK SCHEDULE: Day Shift or Evening shift (3:30PM-11:30)


TELEWORK ELIGIBILITY: This job is located in Morrisville, NC with full remote work during the pandemic. Preferred candidates will live within commutable distance or be willing to eventually relocate.

SECURITY REQUIREMENTS: Public Trust, but Secret or Top Secret clearance is desirable and can be supported



phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

· Medical Insurance

· Dental Insurance

· Vision Insurance

· Life Insurance

· Short Term & Long Term Disability

· 401k Retirement Savings Plan with Company Match

· Paid Holidays

· Paid Time Off (PTO)

· Tuition and Professional Development Assistance

· Parking Reimbursement
