WINTrio career opportunity

Career Opportunity

Security Operations Center (SOC) Analyst – SIEM / Splunk

Remote (U.S.) with Occasional Travel · Full Time

Position Title: Security Operations Center (SOC) Analyst – SIEM / Splunk 
Location: Remote (U.S.) with Occasional Travel 
Client: Federal / Public Sector Programs 
Work Authorization: Candidates must be authorized to work in the United States. U.S. Citizenship may be required based on client assignment. 
📩 To apply, please submit your resume to careers@wintrio.com or complete the application form below. 

Job Summary 

WINTrio LLC is seeking a Security Operations Center (SOC) Analyst with experience supporting Security Information and Event Management (SIEM) platforms, particularly Splunk, within Federal cybersecurity environments. 

This role is responsible for monitoring security events, investigating alerts, supporting incident response activities, conducting threat analysis, and enhancing operational visibility across enterprise systems. The successful candidate will help protect Federal environments by identifying suspicious activity, responding to security incidents, supporting continuous monitoring initiatives, and improving detection capabilities across cloud, network, application, and endpoint environments. 

The ideal candidate possesses strong analytical skills, experience working in a SOC or cybersecurity operations environment, and the ability to investigate and respond to security events in accordance with Federal cybersecurity requirements. 

Job Responsibilities 

  • Monitor security alerts, events, and indicators using Splunk, SIEM dashboards, endpoint security platforms, network monitoring tools, and cloud security services. 
  • Triage, investigate, document, and escalate security incidents based on severity, risk, mission impact, and established procedures. 
  • Correlate security events across firewalls, endpoints, identity systems, vulnerability scanners, applications, and cloud platforms. 
  • Develop, maintain, and refine Splunk searches, alerts, dashboards, reports, and correlation rules. 
  • Support incident response activities, including containment, eradication, recovery, evidence collection, and after-action reporting. 
  • Analyze logs from Windows, Linux, Active Directory, Azure AD/Entra ID, cloud services, firewalls, IDS/IPS solutions, endpoint detection platforms, and enterprise applications. 
  • Support continuous monitoring, threat hunting, insider threat investigations, and suspicious activity detection efforts. 
  • Document incidents, findings, timelines, remediation actions, and lessons learned using ServiceNow, JIRA, or similar tracking systems. 
  • Support reporting activities aligned with Federal cybersecurity requirements, SLAs, compliance mandates, and incident response procedures. 
  • Assist with SOC process improvement initiatives, playbook development, detection engineering, and workflow automation efforts. 
  • Collaborate with cybersecurity, infrastructure, cloud, and application teams to strengthen organizational security posture. 

Required Qualifications 

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field, or equivalent professional experience. 
  • Minimum three (3) years of experience supporting cybersecurity operations, SOC activities, incident response, threat monitoring, or SIEM administration. 
  • Hands-on experience using Splunk or comparable SIEM platforms. 
  • Strong understanding of incident response processes, threat detection methodologies, log analysis, and alert triage. 
  • Experience analyzing endpoint, network, identity, application, and cloud security logs. 
  • Familiarity with Federal cybersecurity requirements, continuous monitoring programs, and compliance reporting. 
  • Strong written and verbal communication skills. 
  • Strong analytical, investigative, and problem-solving abilities. 

Technical Areas 

Security Operations & Incident Response 

  • Security Event Monitoring 
  • Alert Triage 
  • Incident Investigation 
  • Incident Response 
  • Threat Detection 
  • Threat Hunting 
  • Continuous Monitoring 
  • Security Reporting 

SIEM & Log Analysis 

  • Log Correlation 
  • Security Analytics 
  • Detection Engineering 
  • Correlation Rule Development 
  • Dashboard Development 
  • Operational Reporting 

Threat Intelligence & Analysis 

  • MITRE ATT&CK Framework 
  • CISA Known Exploited Vulnerabilities (KEV) 
  • CVE Analysis 
  • Indicators of Compromise (IOC) 
  • Threat Intelligence Enrichment 
  • Adversary Tactics & Techniques 

Cloud & Enterprise Security 

  • AWS Security Monitoring 
  • Azure Security Monitoring 
  • Identity Security Monitoring 
  • Network Security Monitoring 
  • Endpoint Security Monitoring 

Tools & Platforms 

SIEM Platforms 

  • Splunk Enterprise 
  • Splunk Enterprise Security 
  • ELK Stack 
  • Microsoft Sentinel 
  • IBM QRadar 

Endpoint & EDR Platforms 

  • CrowdStrike 
  • Microsoft Defender 
  • Carbon Black 
  • Trellix 
  • SentinelOne 

Network Security Tools 

  • Firewalls 
  • IDS/IPS Platforms 
  • VPN Monitoring 
  • NetFlow Analysis 
  • Wireshark 

Identity & Access Security 

  • Active Directory 
  • Microsoft Entra ID (Azure AD) 
  • Privileged Access Monitoring 

Cloud Security Monitoring 

  • AWS CloudTrail 
  • Amazon GuardDuty 
  • AWS CloudWatch 
  • Azure Monitor 
  • Microsoft Defender for Cloud 

Incident Management & Collaboration 

  • ServiceNow 
  • JIRA 
  • SOAR Platforms 
  • Case Management Systems 

Scripting & Automation 

  • Python 
  • PowerShell 
  • Bash 

Preferred Certifications 

  • CompTIA Security+ 
  • CompTIA CySA+ 
  • Splunk Core Certified User 
  • Splunk Core Certified Power User 
  • Splunk Enterprise Security Certified Administrator 
  • GIAC Certified Incident Handler (GCIH) 
  • GIAC Security Essentials (GSEC) 
  • Certified Ethical Hacker (CEH) 
  • Microsoft Security Operations Analyst Associate 

Preferred Qualifications 

  • Experience supporting Federal SOC, continuous monitoring, or incident response programs. 
  • Experience creating Splunk dashboards, alerts, correlation searches, and executive-level reporting. 
  • Experience supporting SOAR automation initiatives, threat hunting programs, or detection engineering activities. 
  • Experience supporting cloud-hosted or hybrid technology environments. 
  • Familiarity with NIST SP 800-53, NIST SP 800-61, FISMA, DHS CDM, and FedRAMP requirements. 
  • Experience supporting enterprise cybersecurity operations centers. 

Work Environment 

  • Full-time position. 
  • Remote within the United States. 
  • Standard business hours Monday through Friday. 
  • Occasional travel may be required in support of customer meetings, incident response activities, and program requirements. 

WINTrio Benefits 

  • Healthcare (Medical, Dental, and Vision) 
  • Flexible Spending Account (FSA) and Health Savings Account (HSA) 
  • 401(k) and Retirement Savings Plan 
  • Annual Bonus and Profit Sharing Opportunities 
  • Paid Time Off (PTO) and Vacation 
  • Employee Assistance Program (EAP) 
  • Life, Personal, and Voluntary Disability Insurance 

Growth Opportunities 

There is ample opportunity to grow in multiple dimensions, including cybersecurity operations, incident response, threat hunting, cloud security, detection engineering, security automation, cyber defense, and cybersecurity leadership. We are a completely employee-driven company, and our continued success is built on the talent, dedication, and innovation of our team members. 

Equal Opportunity Employer 

WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 

Contract Vehicles & Certifications

Trusted credentials for federal delivery

Certifications and contract access that support secure, compliant, mission-ready modernization.