Expertise and Technology for National Security
Security Operations Center Specialist
Location
United States
Posted
2 days ago
Salary
$90.3K - $189.6K / year
Seniority
Lead
Job Description
Security Operations Center Specialist
CACI International Inc
- Monitor security events and incident logs from various sources, including network devices, servers, endpoints, and security tools.
- Identify and analyze potential security incidents and anomalies, taking appropriate actions to investigate and escalate as required.
- Participate in incident response activities, including containment, eradication, and recovery procedures.
- Work closely with incident response teams and IT staff to mitigate the impact of security incidents and minimize the risk of recurrence.
- Stay updated with the latest cybersecurity threats and attack vectors.
- Analyze threat intelligence reports to proactively detect and respond to emerging threats.
- Operate and maintain security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), antivirus, and other security-related solutions.
- Conduct in-depth analysis of security incidents, perform digital forensics, and document findings for future reference and improvement.
- Prepare and submit detailed incident reports, including root cause analysis and recommended remediation actions, to senior management and stakeholders.
- Implement continuous monitoring processes to ensure ongoing visibility into the security posture of the organization.
- Perform regular audits of security controls and configurations.
- Collaborate with the security awareness team to provide input into security training materials and awareness campaigns for employees, enhancing the overall security culture.
- Ensure compliance with established security policies, standards, and procedures.
- Assist in the development and maintenance of security policies as necessary.
- Provide clear and concise shift handover reports to SOC colleagues, ensuring accurate communication of ongoing incidents and pertinent information.
Job Requirements
- Ability to maintain TS/SCI clearance
- 10+ years’ experience (Bachelor’s degree in relevant field may be substituted for 5 years of relevant experience)
- Proven experience in a Security Operations Center (SOC) or similar role, with hands-on experience in security monitoring, incident detection, and response.
- In-depth knowledge of cybersecurity principles, threat landscape, and attack vectors.
- Familiarity with security tools and technologies, such as SIEM, IDS/IPS, antivirus, and endpoint detection and response (EDR) systems.
- Understanding of incident response procedures and methodologies, including forensic analysis.
- Strong analytical and problem-solving skills, with the ability to make quick decisions under pressure.
- Excellent communication skills to collaborate effectively with other team members, management, and external stakeholders.
- Required DoD 8140 compliant certification such as CompTIA Security+
- Other relevant cybersecurity certifications like Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), are a plus.
- Knowledge of industry compliance standards (e.g., NIST) and relevant regulations (e.g., GDPR, HIPAA) is advantageous.
- Willingness to work in a 24/7 rotational shift environment, including weekends and holidays.
Benefits
- healthcare
- wellness
- financial
- retirement
- family support
- continuing education
- time off benefits
More Security Operations Jobs
- Driving the design and implementation of defense-in-depth infrastructure and application security solutions for our customer-facing SaaS platform in AWS public cloud environments
- Driving architecture, implementation, configuration and automation of native and third-party cloud security solutions for hardening, detection, prevention, logging and response to security vulnerabilities and threats
- Providing thought leadership with a security mindset to the organization
- Working closely with Product, Engineering and IT in a DevSecOps model on technologies such as firewalls, ACLs, WAFs, IAM roles and permissions, vulnerability management and hardening, threat and intrusion detection, Kubernetes container security solutions, penetration testing and endpoint security
- Assisting in incident response and triage activities as needed for security incidents and events
- Using AI in security operations to streamline and optimize security incident management and resolution
Role Description
Our Cyber Security Operations Centre (CSOC) is a fully internal team responsible for threat detection, investigation, and incident response. The CSOC's mission centres on threat investigation and continuously refining the organisation's ability to detect and respond to incidents — catching threats early to mitigate and minimise impact. The team works with an advanced toolset anchored by Palo Alto XSIAM as the SIEM and investigation platform, drawing on telemetry from a wide range of sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals from platforms such as Cloudflare. We are building towards a modern, AI-augmented CSOC — one where agentic investigation pipelines handle first-pass triage and analysis, and our analysts focus on validation, quality assurance, and complex threat investigation. This role requires analytical thinking, a willingness to work with and improve automated systems, and genuine curiosity about how threats manifest in cloud-native environments. A CSOC Analyst is an independently operating practitioner: someone who can own incidents end-to-end, write and maintain detection content, critically assess the conclusions of AI-driven investigation pipelines, and act as a capable on-call responder. This role is ideal for an analyst with solid foundations who is ready to take on greater ownership and is growing towards a senior or specialist track.
- Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform
- Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality
- Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response
- Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale
- Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators
- Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs
- Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them
- Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources
Qualifications
- SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent)
- Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies
- Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise
- Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations
- Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents
- Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them
- Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information
- Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately
- Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively
Requirements
- Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day
- Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent
- Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations
- Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it
- Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations
- Experience in a food delivery, e-commerce, or high-scale consumer platform environment
- Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar
Benefits
- Team Vibes: Thrive in a collaborative culture where your ideas matter.
- Tasty Perk: Enjoy a monthly Skip spend allowance – treat yourself!
- More Time Off: Generous PTO with a buy and sell program with up to 5 extra days!
- Family First: Up to 20 weeks top-up for parental leave.
- Premium Benefits: Flexible medical & dental insurance for you and your family.
- Keep Learning: Access world-class training resources to power your success.
- Perks Galore: Exclusive offers from Workperks from hundreds of top brands.
- Future Funded: RRSP contributions with diverse investment portfolios.
- We’ve Got You: Access paid sick time to care for yourself or your family when life happens, and access to our well-being support programs.
- Digital Nomads: Enjoy the freedom to work from almost anywhere in the world for 4 weeks a year.
- Career Growth: Fuel your personal and professional evolution through our dedicated mentorship, global mobility pathways, and a wellness-first culture rooted in true diversity and inclusion.
Company Description
Just Eat Takeaway is one of the world's leading online food delivery marketplaces, connecting millions of customers with hundreds of thousands of restaurant partners across multiple continents. Operating at significant scale across markets including the UK, Canada, Australia, and Europe, we depend on robust and resilient security operations to protect our customers, partners, and platform.
Security Operations Analyst
Just Eat Takeaway.com
Whoever you are, whatever you look like, whoever you love or wherever you come from, you will find your place at Just Eat Takeaway.com. We are committed to creating an inclusive culture that promotes diversity of people and of thought.
Senior Software Engineer II – IT Operations Management
Renishaw
LexisNexis® Risk Solutions provides customers with solutions and decision tools that combine public and industry-specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. We use the power of data and advanced analytics to help our customers make better, timelier decisions. By bringing clarity to information, we ultimately help make communities safer, insurance rates more accurate, commerce more transparent, business decisions easier and processes more efficient. You can learn more about LexisNexis Risk at the link below: LexisNexis Risk Solutions
Role Description
This role supports IT Operations Management (ITOM) by designing and delivering automation and integration solutions across physical datacenter infrastructure, private cloud, and public cloud environments. You will translate operational requirements into durable, observable software solutions that improve visibility, reporting, and operational effectiveness across a hybrid infrastructure footprint. You’ll also help strengthen engineering practices through collaboration, code reviews, and mentoring.
Responsibilities
- Design and deliver automation and integration solutions across ITOM platforms, fleet management tooling, and observability systems
- Build and maintain APIs and data pipelines supporting IT operations visibility and reporting
- Support and automate operations across physical datacenter infrastructure (hardware lifecycle, provisioning, asset tracking) and virtualized/cloud environments
- Apply IT governance practices and fleet management discipline across managed endpoints and infrastructure
- Collaborate with operations, infrastructure, and service management teams to identify gaps and translate them into engineered solutions
- Apply AI tooling fluently and deliberately to accelerate delivery and improve solution quality
- Mentor junior engineers on development methodology, automation patterns, and operational best practices
- Participate in code reviews and uphold engineering standards across the team while keeping abreast of emerging developments in IT operations tooling and AI-augmented engineering
Qualifications
- Experience with IT operations platforms (ServiceNow or equivalent) strongly preferred, including ServiceNow development such as Flow Designer, Business Rules, REST APIs, and CMDB
- Experience with hybrid or multi-tier infrastructure environments (physical datacenter + cloud) strongly preferred
- Proficiency in PowerShell and/or Python for automation and systems integration
- Experience across hybrid infrastructure platforms: Azure, AWS, private cloud (VMware, Hyper-V, Proxmox, OpenStack), and physical datacenter operations (Dell hardware, rack/stack, lifecycle management)
- Experience with endpoint management, agent-based data collection, fleet management tooling, and IT governance practices
- Familiarity with infrastructure-as-code or cloud automation patterns (ARM, Terraform, PowerShell DSC, or equivalent) a plus
- Strong understanding of data modeling and SQL (MySQL or equivalent), with proficiency in API design and consumption (REST/JSON)
- Demonstrated ability to leverage AI-assisted development tools as part of standard engineering practice, with knowledge of observability and monitoring platforms a plus
- Strong oral and written communication skills to translate operational requirements into technical designs
Requirements
- U.S. National Base Pay Range: $95,300 - $158,800. Geographic differentials may apply in some locations to better reflect local market rates.
- If performed in New Jersey, the base pay range is $112,574 - $179,826.
- If performed in Ohio, the base pay range is $90,500 - $150,900.
- This job is eligible for an annual incentive bonus.
Benefits
- We are delighted to offer country-specific benefits.
- We are committed to providing a fair and accessible hiring process.
- If you have a disability or other need that requires accommodation or adjustment, please let us know.