CSOC Sr. Cyber Defense Analyst

Join to apply for the CSOC Sr. Cyber Defense Analyst role at theta.

theta. is an SBA‑Certified 8(a) & HUBZone digital integration and management firm based in Baltimore, MD. We specialize in delivering software, services, and tools that enhance efficiency, security, and accessibility in government operations, and we are committed to bridging the gap between innovation and practical public‑interest applications.

We’re seeking a Sr. Cyber Defense Analyst to join our team, supporting the Department of Veterans Affairs’ Cybersecurity Operations Center (CSOC). In this role you will serve as a technical leader in detection engineering and automation, building, tuning, and operationalizing advanced cybersecurity analytics that defend national systems serving veterans and the public.

• Engineer and tune detections across Splunk, Microsoft Sentinel, Defender for Endpoint, and other monitoring tools to detect advanced threats in real time.
• Design and implement detection logic, map activity to MITRE ATT&CK, and reduce false positives through feedback loops and automated correlation.
• Leverage SOAR platforms to automate enrichment, containment, and remediation workflows for high‑priority threats.
• Onboard and operationalize new data sources, ensuring data quality, completeness, and performance consistency.
• Apply machine learning and pattern analysis techniques to identify anomalies and improve detection accuracy.
• Lead detection optimization efforts across cloud, SaaS, identity, and networking environments.
• Collaborate with cross‑functional teams (IR, Forensics, Threat Intel, IT, and Network Engineering) to align threat detection with enterprise operations.
• Participate in cybersecurity exercises, simulations, and continuous improvement of analytics and automation processes.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related discipline – or equivalent practical experience.
• 8+ years of experience supporting large‑scale IT or cybersecurity programs, including 4+ years in enterprise SOC or IR environments.
• Deep understanding of security analytics, detection engineering, and incident response methodologies.
• Proficiency with SIEM, IDS/IPS, EDR, and SOAR platforms (e.g., Splunk, Microsoft Sentinel, Defender for Endpoint).
• Experience mapping detections to MITRE ATT&CK and tuning detections for high signal fidelity.
• Strong scripting or query development skills (SPL, KQL, or Python).
• Excellent written and verbal communication skills.
• U.S. Citizenship required.
• Must be able to meet any other requirements for government contracts for which you are hired (e.g., Security Clearance).
• Some of our clients may occasionally require travel. If this concerns you, we encourage you to apply and discuss it with us at your initial interview.

• SANS certifications such as GCFE, GCIH, GNFA, or equivalent level are strongly preferred.
• Experience operationalizing detections in cloud‑native security tooling (Azure Sentinel, AWS Guard Duty, Google Chronicle).
• Familiarity with machine learning models and behavioral analytics for anomaly detection.
• Experience developing and implementing feedback processes for continuous tuning and performance improvement.

• Collaborate with a talented and passionate team committed to making a difference.
• Work on impactful projects that directly contribute to the efficiency and effectiveness of our country’s operations.
• Enjoy a supportive and inclusive work environment that fosters growth and development.
• Benefit from a competitive compensation package, including comprehensive health benefits, retirement plans, and flexible work arrangements.

Salary Range: $120,000 – $150,000 (DOE and project‑specific details)