
Tier III SOC Analyst

Blu Omega

Herndon · Flexible · Full-time · Senior · Posted today

About the role

Position Overview

Blu Omega is seeking a Tier III SOC Analyst to support the TSA Continuous Diagnostics and Mitigation (CND) program in a high-visibility Security Operations Center (SOC) environment. This individual will serve as a senior-level resource responsible for advanced threat detection, incident response, and security analysis. The ideal candidate is capable of operating independently, can quickly acclimate to the environment, and thrives in a fast-paced, mission-critical setting with evolving priorities.

Key Responsibilities

  • Monitor, analyze, and triage security events and alerts generated by the client’s SIEM in a 24x7x365 SOC environment
  • Perform advanced incident response activities, including investigation, containment, eradication, and recovery
  • Conduct deep-dive analysis of security alerts to identify malicious activity and potential threats
  • Analyze logs and data from various sources including firewalls, IDS/IPS, endpoints, and network devices
  • Leverage tools such as Splunk, Tanium, Trellix (McAfee ePO), Zscaler, Microsoft Defender, and FireEye for threat detection and response
  • Escalate and coordinate incidents as appropriate, providing detailed documentation and reporting
  • Support continuous improvement of SOC processes, detection use cases, and response procedures
  • Maintain awareness of emerging threats, vulnerabilities, and attack vectors

Required Qualifications

  • Minimum of 4 years of experience in a SOC or NOC environment performing security monitoring and analysis
  • Strong experience with SIEM platforms, specifically Splunk
  • Hands-on experience with EDR tools supporting incident investigations
  • Solid understanding of the incident response lifecycle
  • Working knowledge of operating systems including Windows, Linux, and macOS
  • Strong understanding of network protocols and communications (TCP, UDP, ICMP, BGP, MPLS)
  • Familiarity with common enterprise services and protocols (DNS, DHCP, HTTP/HTTPS, SMTP, SQL)
  • Experience analyzing logs from firewalls, IDS/IPS, and other security infrastructure
  • Ability to operate effectively in a fast-paced environment with shifting priorities

Preferred Qualifications

  • Experience in a federal or government SOC environment
  • Exposure to enterprise security tooling including Tanium, Trellix, Zscaler, Microsoft Defender, and FireEye
  • Strong analytical and problem-solving skills
  • Prior experience operating in shift-based environments

Education

  • High School Diploma required (higher education preferred)

Additional Details

  • Initial support will align to day shift, with potential transition to shift work (front half nights or back half days) after onboarding
  • Flexibility to support alternate shifts is highly preferred
  • Two-step interview process
  • Immediate need, though full TSA EOD process is required prior to start
  • Opportunity extends into option year

Skills

BGP, DHCP, DNS, Docker, EDR, FireEye, Firewalls, HTTP/HTTPS, ICMP, IDS/IPS, Linux, macOS, McAfee ePO, Microsoft Defender, MPLS, NOC, Operating Systems, Protocols, Security Analysis, SIEM, SMTP, SOC, Splunk, SQL, Tanium, TCP, Threat Detection, Trellix, UDP, Vulnerabilities, Windows, Zscaler
