Cyber Security Analyst Tier III

About the role

The Tier III Cyber Security Analyst joins the Virginia Information Technology Agency (VITA) SOC team as a senior escalation point for high‑severity incidents. You will lead end‑to‑end response actions, develop Splunk‑based detection assets, and mentor junior analysts while ensuring continuous improvement of the security operations workflow.

Key responsibilities

• Lead complex incident investigations across identity, endpoint, network, cloud, and SaaS telemetry, driving containment and remediation.
• Provide expertise on IOCs, TTPs, threat hunting, and threat intelligence, handling customer‑facing escalations.
• Develop, maintain, and optimise Splunk dashboards, correlation searches, and automated detection workflows to improve SOC efficiency.
• Write and maintain SPL queries, scheduled reports, and lookup‑driven workflows; extend Splunk capabilities with Python and PowerShell scripts.
• Analyse malware reports, document attacker actions, and produce detailed incident reports.
• Mentor junior analysts and operate third‑party security tools within the client environment.

Required profile

• Minimum 8 years of hands‑on experience in cyber defense, SOC operations, and incident response.
• Proven track record of leading Tier III investigations and delivering actionable remediation.
• Strong analytical mindset with the ability to prioritize and triage security events according to runbooks.
• Excellent written communication for incident reporting and knowledge sharing.

Required skills

• Splunk (dashboard creation, SPL queries, correlation searches)
• Python scripting
• PowerShell scripting
• Security Information and Event Management (SIEM) concepts
• Threat hunting and malware analysis
• Incident response and containment techniques