SOC Analyst

Kforce has a client that is seeking a SOC Analyst in Fulton, MD.

Overview

Our client is seeking a dedicated (SOC Analyst) to support their on-site security operations team. This role focuses on alert monitoring, triage, incident response support, vulnerability visibility, and overall security hygiene across both IT and highly sensitive OT environments.

The preferred analyst will work closely with the ISSO and IT/OT teams to strengthen defensive posture and support ongoing CMMC 2.0 maturity efforts, patch compliance, and continuous improvement of detection and response capabilities.

This is an on-site, structured security operations role designed for a security professional with intermediate to established experience who is ready to take on deeper investigative responsibilities, leverage enterprise detection tooling, and contribute to real-time incident response operations.

Key Responsibilities:

Security Monitoring & Alert Triage:

• Monitor and triage alerts from CrowdStrike Falcon, Microsoft Defender for Endpoint, and Splunk dashboards (Splunk experience preferred but not required)
• Conduct initial investigations: validate alert severity, gather relevant logs, correlate events, and determine scope and legitimacy
• Escalate confirmed or high-confidence incidents with clear documentation and recommended containment steps

Incident Response (Tier 1/Tier 1.5):

• Execute approved first-response actions (endpoint isolation, IOC lookup, basic forensic collection)
• Maintain accurate case documentation, timelines, and evidence for audit/IR follow-up
• Support after-action reviews and contribute to playbook/runbook refinement

Vulnerability & Patch Visibility:

Assist with vulnerability lifecycle tracking leveraging Tenable:

• Review findings, identify false positives, and validate remediation progress
• Support compliance tracking across both IT and OT systems* 3-5 years of experience in SOC, cybersecurity, IT security, or IT operations

Familiarity with:

• Splunk (search queries, dashboards, log analysis)
• Microsoft Defender for Endpoint (alerting, device inventory, telemetry review)
• Basic EDR triage concepts (CrowdStrike experience is a strong plus)

Strong understanding of:

• Windows operating system fundamentals
• Core networking (TCP/IP, DNS, HTTP, ports/protocols)
• Security principles (malware types, phishing, privilege escalation)

Preferred/Highly Desired Skills:

• Direct experience investigating alerts in CrowdStrike Falcon, Defender for Endpoint, or similar EDR tools
• Familiarity with OT network environments, ICS/SCADA concepts, Purdue Model, or OT-specific security considerations
• Experience reviewing vulnerability results in Tenable and supporting patch compliance
• Exposure to compliance frameworks such as CMMC, NIST 800-171, NIST 800-53 r5, or similar

Certifications (not required but a plus):

• Security+, CCNA, CySA+
• SC-200, SC-900
• CrowdStrike Certified Falcon Analyst badges