• Support the Department of Veterans Affairs in maintaining cybersecurity compliance across VA research environments. • Own the paperwork that keeps VA systems authorized and running: ATO and ATC packages, security artifacts, POA&Ms, gap analyses, and FISMA documentation. • Develop, review, and maintain ATO and ATC packages including system security plans (SSPs), control implementation statements, FISMA documents, and POA&Ms across a portfolio of VA research systems. • Own the tracking and resolution of open POA&M items, keep authorization schedules current. • Support all RMF steps from security categorization through authorization, coordinating with VA ISOs, ISSOs, site managers, and system owners to close gaps and hit deadlines. • Conduct security assessment reviews for VA research submissions, work within the VA's Continuous Authorization and Monitoring (CAM) framework, and support product installation planning for major system changes. • Lead client-facing meetings on ATO topics regularly.

• Perform security monitoring and analysis across alerts, logs, and events to detect, investigate, and escalate potential threats, anomalies, and policy violations • Perform initial review and triage of security alerts, phishing reports, suspicious activity, and endpoint security events, escalating alerts that require deeper investigation to the Information Security Specialists • Coordinate security incident response activities by gathering relevant information, documenting findings, tracking actions, and coordinating with appropriate teams • Track security findings from scans, audits, and assessments, ensuring timely remediation and clear status reporting • Review and handle security-related service requests based on established procedures, escalating complex issues to senior team members when needed • Maintain accurate documentation for security tickets, incidents, procedures, playbooks, and recurring operational tasks • Support security awareness initiatives by helping track reported issues, recurring user concerns, phishing trends, and common security gaps • Help prepare security reports, summaries, metrics, and status updates for review by the Information Security Team • Performs analogous tasks as needed.

• Lead the investigation of higher-severity, ambiguous, or fast-moving incidents across available security telemetry and case evidence • Determine likely root cause, affected identities and assets, probable scope, and the next actions that matter most • Use targeted hunting and hypothesis-testing workflows to validate suspicious activity • Produce clear investigation records and evidence-based response recommendations • Support clear customer-facing incident handling by turning technical findings into usable evidence summaries • Review escalations from Level 1 analysts and help move difficult cases forward • Identify visibility gaps, weak alert context, and recurring investigative friction for improvement • Propose practical automation ideas for faster or more consistent investigations • Support the technical growth of other analysts through case guidance and feedback

Role Description You will be joining a team that operates as consultants and partners to our clients, helping them innovate their existing processes and tools. We are focused on efficiency, strong communication, and sustainable learning paths. You will have an impact on the project’s evolution and the chance to contribute your own ideas to build successful client relationships. We are looking for a SOC Analyst - Level 2 with strong experience in deeper investigation, incident validation, response recommendations, targeted hunting, and hands-on guidance for the analysts around them. This is the escalation and deeper-investigation analyst lane. It is expected to take technically demanding cases further than the Level 1 lane, improve case quality across the team, and help shape practical service improvements. It is not a baseline architecture role, and it is not the default owner of recurring detection content or day-to-day platform administration. This role includes scheduled weekly on-call escalation coverage outside normal working or rota hours, according to the agreed service process. Key Responsibilities - Lead the investigation of higher-severity, ambiguous, or fast-moving incidents across available security telemetry and case evidence. - Determine likely root cause, affected identities and assets, probable scope, and the next actions that matter most. - Use targeted hunting and hypothesis-testing workflows to validate suspicious activity and uncover related activity that is not obvious from the initial alert. - Produce clear investigation records and evidence-based response recommendations that support timely decision-making through the customer approval path. - Support clear customer-facing incident handling by turning technical findings into usable evidence summaries and next-step recommendations within the defined case path. - Review escalations from Level 1 analysts and help move difficult cases forward without unnecessary reinvention. - Provide scheduled weekly on-call escalation support according to the agreed service process. - Identify visibility gaps, weak alert context, and recurring investigative friction that should feed into detection tuning, playbook refinement, or workflow improvement. - Propose practical automation ideas where repetitive investigation work can be made faster or more consistent. - Support the technical growth of other analysts through case guidance, review, and operationally useful feedback. Qualifications - Strong hands-on experience in SOC, MDR, or incident-response work. - Practical depth in investigation across endpoint, identity, email, cloud, network, and case evidence. - Strong analytical skills for investigation, hunting, and validating suspicious activity. - Ability to assess scope, impact, and urgency in higher-severity cases. - Ability to produce evidence-based recommendations and clear escalation or response records. - Strong written and verbal communication in English. - Ability to guide Level 1 analysts through technically difficult casework. - Willingness and ability to participate in weekly on-call escalation coverage. - Responsible AI literacy, including the ability to use approved AI-assisted workflows cautiously, validate outputs against source evidence, avoid entering customer-sensitive data into unapproved or public AI tools, and avoid treating AI output as evidence, approval, or authority. - Ability to challenge weak AI-assisted analysis from others when it skips evidence validation, creates false confidence, or exceeds the approved operating model. Soft Skills - Consultative Approach: Ability to explain technical risks to non-technical business stakeholders. - Communication: Excellent written and verbal communication in English (German is a strong plus). - Proactive Mindset: A history of self-driven learning (e.g., setting up a home lab, following security researchers). Nice to Have - 3-5+ years of relevant experience in cybersecurity operations, incident response, or MDR delivery. - Hands-on exposure to Microsoft Sentinel, Microsoft Defender XDR, Cortex XSOAR, Elastic Security, Vectra NDR, or similar security operations platforms. - Strong KQL or equivalent query-language experience for investigation and hunting. - Experience with Logic Apps, SOAR workflows, or operational automation. - Familiarity with ATT&CK-style analysis and coverage discussions. - PowerShell or similar scripting experience for investigation support or workflow improvement. - Microsoft SC-200, SC-100, AZ-500, or similar operational security certifications. - German would be an advantage. Benefits - Enjoy our holistic benefits program that covers the four pillars that we believe come together to support our wellbeing, covering social, physical, emotional wellbeing, as well as work-life fusion. - Physical Wellbeing: Our wellbeing program includes medical benefits, gym support, and personalised fitness options for an active lifestyle, complemented by team events and the Healthy Habits Club. - Work-Life Fusion: In very dynamic industries such as IT, the line between our professional and personal lives can quickly become blurred. Having a one-size-fits-one approach gives us the flexibility to define the work-life dynamic that works for us. - Emotional Wellbeing: We believe that to maintain our overall health, we need to invest in our mental wellbeing just as much as we do in our physical health, social connections or in achieving work-life balance. - Social Wellbeing: As a growing community in a hybrid environment, we want to ensure we remain connected not just by the great work we do every day but through our passions and interests.