• Monitor & Investigate: Actively monitor security dashboards, queues, and alerts from various sources (automated tools, escalated tickets) to detect potential threats. • Incident Triage & Response: Conduct initial investigations into security alerts, perform rapid response actions like securing user accounts, and collect necessary log data for analysis. • Escalate Effectively: Analyze findings to determine the scope and severity of incidents, resolving straightforward issues and escalating complex cases to Level 2 Analysts with clear, concise information. • Security Tool Management: Review and implement authorized, routine changes to security tools, such as processing client exemption requests in the EDR or temporarily adjusting settings for testing. • Collaborate with the Security Team: Work closely with fellow analysts and security engineers, sharing information, participating in team discussions, and contributing to a collaborative security environment. • Engage with Users/Clients: Communicate professionally and clearly with end-users or clients to gather details about potential security issues, explain security procedures, and provide guidance during incident resolution. • Liaise Across Departments: Interact effectively with other teams (e.g., Reactive Support, Client Strategy, NOC) to coordinate security responses and share necessary information. • Document Actions: Maintain accurate and detailed records of investigations, actions taken, communications, and resolutions within ConnectWise. • Provide Support: Offer timely and helpful support related to security inquiries, upholding a professional and customer-service-oriented approach in all interactions.

cFocus Software seeks a Tier 1 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - B.S. Computer Science, Information Technology, or a related field - Foundational knowledge of cybersecurity principles and SOC operations - Familiarity with SIEM tools, preferably Microsoft Sentinel - Understanding of common attack vectors and MITRE ATT&CK framework - Basic knowledge of networking, operating systems (Windows/macOS), and cloud environments - Strong analytical and problem-solving skills - Ability to follow procedures and work in a shift-based environment - Relevant certifications (e.g., Security+, CySA+, or equivalent) - Experience with Microsoft Defender tools (Endpoint, Identity) - Exposure to log analysis and incident response processes - Preferred certifications include but are not limited to - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications - Microsoft Sentinel or Microsoft security platform certifications - Relevant cloud security certifications (e.g., AWS security) - Privacy certifications (e.g., CIPP/US, CIPM) where applicable Duties: - Monitor security alerts and events using SIEM tools (e.g., Microsoft Sentinel) - Perform initial triage and validation of alerts to determine legitimacy - Escalate confirmed or suspicious incidents to Tier II analysts per defined procedures - Document incidents, actions taken, and findings in ticketing systems - Follow established playbooks and standard operating procedure - Assist with log review across identity, endpoint, network, and cloud environments - Support reporting requirements by contributing to weekly and monthly SOC reports - Maintain situational awareness of emerging threats and indicators of compromise

cFocus Software seeks a Tier 2 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - B.S. Computer Science, Information Technology, or a related field - 2+ years of SOC Analyst experience - Strong knowledge of cybersecurity operations and incident response processes - Experience with SIEM platforms, preferably Microsoft Sentinel - Understanding of MITRE ATT&CK framework and threat actor tactics - Experience analyzing logs from endpoints, networks, cloud, and identity systems - Familiarity with Microsoft Defender tools (Endpoint, Identity) and cloud platforms (AWS) - Experience with digital forensics and malware analysis - Familiarity with SOAR tools and automation workflows - Experience supporting federal or regulated environments (NIST, CUI, etc.) - Ability to perform threat hunting and advanced correlation analysis - Preferred certifications include but are not limited to - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications - Microsoft Sentinel or Microsoft security platform certifications - Relevant cloud security certifications (e.g., AWS security) - Privacy certifications (e.g., CIPP/US, CIPM) where applicable Duties: - Perform advanced analysis and investigation of escalated security alerts and incidents - Conduct root cause analysis (RCA) and determine scope and impact of incidents - Support incident response activities including containment, eradication, and recovery - Perform threat hunting across identity, endpoint, network, cloud, and application logs - Correlate events across multiple data sources within SIEM (Microsoft Sentinel) - Develop and tune detection rules, analytics, and use cases - Maintain and improve SOC playbooks and incident response procedures - Provide detailed documentation of investigations, findings, and remediation actions - Support reporting requirements including contributions to monthly and quarterly reports - Collaborate with Tier I and Tier III analysts, engineers, and stakeholders

cFocus Software seeks a Tier 3 SOC Analyst to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - B.S. Computer Science, Information Technology, or a related field - 5+ years of SOC Analyst experience - Expert knowledge of incident response, threat hunting, and detection engineering - Advanced experience with Microsoft Sentinel (SIEM) and Microsoft Defender tools - Strong understanding of MITRE ATT&CK framework and adversary tactics - Experience with digital forensics and malware analysis techniques - Ability to analyze logs across identity, endpoint, network, and cloud environments - Strong knowledge of AWS logs (CloudTrail, VPC Flow Logs) and enterprise security tools - Experience with KQL (Kusto Query Language) and advanced correlation analysis - Deep understanding of NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles - Experience with SOAR platforms and automation (Logic Apps, Sentinel playbooks) - Experience supporting federal environments and compliance (CUI, FTI, NIST, IRS 1075) - Experience leading incident response engagements and reporting to leadership - Preferred certifications include but are not limited to - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications - Microsoft Sentinel or Microsoft security platform certifications - Relevant cloud security certifications (e.g., AWS security) - Privacy certifications (e.g., CIPP/US, CIPM) where applicable Duties: - Lead investigation and response for complex and high-severity security incidents - Perform advanced threat hunting using Microsoft Sentinel and Defender platforms - Conduct digital forensics, malware analysis, and root cause analysis (RCA) - Develop, tune, and optimize detection rules, analytics, and correlation logic - Map detections and activities to MITRE ATT&CK framework - Oversee incident lifecycle management (detection through containment, eradication, and recovery) - Support and improve SOC playbooks, automation workflows, and response procedures - Provide mentorship and guidance to Tier I and Tier II analysts - Identify security control gaps and recommend remediation strategies - Support red team, purple team, and adversary emulation exercises - Contribute to incident reports, quarterly threat reviews, and executive briefings