Position Title: Security Operations Center (SOC) Analyst – SIEM / Splunk
Location: Remote (U.S.) with Occasional Travel
Client: Federal / Public Sector Programs
Work Authorization: Candidates must be authorized to work in the United States. U.S. Citizenship may be required based on client assignment.
📩 To apply, please submit your resume to careers@wintrio.com or complete the application form below.
Job Summary
WINTrio LLC is seeking a Security Operations Center (SOC) Analyst with experience supporting Security Information and Event Management (SIEM) platforms, particularly Splunk, within Federal cybersecurity environments.
This role is responsible for monitoring security events, investigating alerts, supporting incident response activities, conducting threat analysis, and enhancing operational visibility across enterprise systems. The successful candidate will help protect Federal environments by identifying suspicious activity, responding to security incidents, supporting continuous monitoring initiatives, and improving detection capabilities across cloud, network, application, and endpoint environments.
The ideal candidate possesses strong analytical skills, experience working in a SOC or cybersecurity operations environment, and the ability to investigate and respond to security events in accordance with Federal cybersecurity requirements.
Job Responsibilities
- Monitor security alerts, events, and indicators using Splunk, SIEM dashboards, endpoint security platforms, network monitoring tools, and cloud security services.
- Triage, investigate, document, and escalate security incidents based on severity, risk, mission impact, and established procedures.
- Correlate security events across firewalls, endpoints, identity systems, vulnerability scanners, applications, and cloud platforms.
- Develop, maintain, and refine Splunk searches, alerts, dashboards, reports, and correlation rules.
- Support incident response activities, including containment, eradication, recovery, evidence collection, and after-action reporting.
- Analyze logs from Windows, Linux, Active Directory, Azure AD/Entra ID, cloud services, firewalls, IDS/IPS solutions, endpoint detection platforms, and enterprise applications.
- Support continuous monitoring, threat hunting, insider threat investigations, and suspicious activity detection efforts.
- Document incidents, findings, timelines, remediation actions, and lessons learned using ServiceNow, JIRA, or similar tracking systems.
- Support reporting activities aligned with Federal cybersecurity requirements, SLAs, compliance mandates, and incident response procedures.
- Assist with SOC process improvement initiatives, playbook development, detection engineering, and workflow automation efforts.
- Collaborate with cybersecurity, infrastructure, cloud, and application teams to strengthen organizational security posture.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field, or equivalent professional experience.
- Minimum three (3) years of experience supporting cybersecurity operations, SOC activities, incident response, threat monitoring, or SIEM administration.
- Hands-on experience using Splunk or comparable SIEM platforms.
- Strong understanding of incident response processes, threat detection methodologies, log analysis, and alert triage.
- Experience analyzing endpoint, network, identity, application, and cloud security logs.
- Familiarity with Federal cybersecurity requirements, continuous monitoring programs, and compliance reporting.
- Strong written and verbal communication skills.
- Strong analytical, investigative, and problem-solving abilities.
Technical Areas
Security Operations & Incident Response
- Security Event Monitoring
- Alert Triage
- Incident Investigation
- Incident Response
- Threat Detection
- Threat Hunting
- Continuous Monitoring
- Security Reporting
SIEM & Log Analysis
- Log Correlation
- Security Analytics
- Detection Engineering
- Correlation Rule Development
- Dashboard Development
- Operational Reporting
Threat Intelligence & Analysis
- MITRE ATT&CK Framework
- CISA Known Exploited Vulnerabilities (KEV)
- CVE Analysis
- Indicators of Compromise (IOC)
- Threat Intelligence Enrichment
- Adversary Tactics & Techniques
Cloud & Enterprise Security
- AWS Security Monitoring
- Azure Security Monitoring
- Identity Security Monitoring
- Network Security Monitoring
- Endpoint Security Monitoring
Tools & Platforms
SIEM Platforms
- Splunk Enterprise
- Splunk Enterprise Security
- ELK Stack
- Microsoft Sentinel
- IBM QRadar
Endpoint & EDR Platforms
- CrowdStrike
- Microsoft Defender
- Carbon Black
- Trellix
- SentinelOne
Network Security Tools
- Firewalls
- IDS/IPS Platforms
- VPN Monitoring
- NetFlow Analysis
- Wireshark
Identity & Access Security
- Active Directory
- Microsoft Entra ID (Azure AD)
- Privileged Access Monitoring
Cloud Security Monitoring
- AWS CloudTrail
- Amazon GuardDuty
- AWS CloudWatch
- Azure Monitor
- Microsoft Defender for Cloud
Incident Management & Collaboration
- ServiceNow
- JIRA
- SOAR Platforms
- Case Management Systems
Scripting & Automation
- Python
- PowerShell
- Bash
Preferred Certifications
- CompTIA Security+
- CompTIA CySA+
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Enterprise Security Certified Administrator
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Essentials (GSEC)
- Certified Ethical Hacker (CEH)
- Microsoft Security Operations Analyst Associate
Preferred Qualifications
- Experience supporting Federal SOC, continuous monitoring, or incident response programs.
- Experience creating Splunk dashboards, alerts, correlation searches, and executive-level reporting.
- Experience supporting SOAR automation initiatives, threat hunting programs, or detection engineering activities.
- Experience supporting cloud-hosted or hybrid technology environments.
- Familiarity with NIST SP 800-53, NIST SP 800-61, FISMA, DHS CDM, and FedRAMP requirements.
- Experience supporting enterprise cybersecurity operations centers.
Work Environment
- Full-time position.
- Remote within the United States.
- Standard business hours Monday through Friday.
- Occasional travel may be required in support of customer meetings, incident response activities, and program requirements.
WINTrio Benefits
- Healthcare (Medical, Dental, and Vision)
- Flexible Spending Account (FSA) and Health Savings Account (HSA)
- 401(k) and Retirement Savings Plan
- Annual Bonus and Profit Sharing Opportunities
- Paid Time Off (PTO) and Vacation
- Employee Assistance Program (EAP)
- Life, Personal, and Voluntary Disability Insurance
Growth Opportunities
There is ample opportunity to grow in multiple dimensions, including cybersecurity operations, incident response, threat hunting, cloud security, detection engineering, security automation, cyber defense, and cybersecurity leadership. We are a completely employee-driven company, and our continued success is built on the talent, dedication, and innovation of our team members.
Equal Opportunity Employer
WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.