SOC Analyst jobs in United States
This job has closed.

Jobs via Dice · 4 hours ago

SOC Analyst

Dice is the leading career destination for tech experts, and they are seeking a skilled Incident Responder / SOC Analyst to support and enhance cybersecurity operations. The role involves investigating cybersecurity threats, responding to incidents, and strengthening detection and response capabilities.
Computer Software

Responsibilities

Monitor and triage alerts from SIEM, EDR, and NDR tools to identify and validate true security events
Conduct incident investigations, assessing severity, scope, and impact
Analyze attack telemetry and convert raw data into actionable threat intelligence
Coordinate with senior cybersecurity staff or advanced analysts on complex investigations requiring deeper forensic analysis or malware reverse engineering
Utilize threat intelligence sources—IOCs, updated detections, frameworks like MITRE ATT&CK, and relevant advisories—to strengthen detection capabilities
Assist in designing and implementing containment strategies, including device isolation, account lockdown, and segmentation
Support recovery activities to restore systems securely and prevent recurrence
Update and refine incident response playbooks, procedures, and documentation based on lessons learned
Assist with SIEM tuning, detection rule optimization, and reduction of false positives
Prepare detailed incident reports for stakeholders, ensuring clarity and completeness
Thoroughly document investigation steps, evidence, timestamps, and actions taken in case management systems
Collect and preserve digital evidence according to standard operating procedures
Manage ticketing workflows, ensuring SLA compliance and effective handoff between shifts
Collaborate with leadership and engineering teams to improve alert quality and operational efficiency

Qualifications

Incident Response Lifecycle
SIEM platforms
EDR tools
Threat intelligence
Network protocols
Scripting: PowerShell
Scripting: Python
Incident handling concepts
Cloud security concepts
Communication skills
Documentation skills

Required

2–5 years of experience in cybersecurity operations, incident response, or a SOC environment
Strong understanding of: Incident Response Lifecycle (e.g., NIST 800-61), Threat intelligence & IOC correlation, Network protocols (TCP/IP, DNS, HTTP) and log analysis
Proficiency with: SIEM platforms (Splunk, QRadar, Microsoft Sentinel, etc.), EDR tools (CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.), Threat intelligence platforms and IOC feeds
Familiarity with incident handling concepts and identity management (Active Directory, Azure AD)
Scripting experience using PowerShell or Python for automation and data parsing
Ability to contain and remediate incidents using established playbooks
Strong communication and documentation skills for technical and non-technical audiences

Preferred

Bachelor's degree in Cybersecurity, IT, Computer Science, or a related field
CompTIA Security+, CySA+
GIAC certifications (e.g., GCIA, GCIH, GCFA)
CISSP (in progress acceptable)
Microsoft security certifications (SC-900, SC-200)
Splunk Core User or equivalent
SOAR automation for incident response workflows
Packet capture and analysis (e.g., Wireshark)
Cloud security concepts and tooling (Azure, AWS)

Company

Jobs via Dice

Welcome to Jobs via Dice, the go-to destination for discovering the tech jobs you want.

Funding

Current Stage
Early Stage
Company data provided by crunchbase