DCO Watch Analyst Tier I

Description

DCO Watch Analyst Tier I
Secret required to start, TS SCI required
As a Tier 1 Defensive Cyber Operations (DCO) Watch Analyst you will be responsible for monitoring and triaging security events within a Cybersecurity Service Provider (CSSP) environment. You will identify and validate suspicious events, elevate incidents as needed, and support basic incident response activities. This role ensures compliance with reporting requirements and operates under close supervision.

• Monitor network and host-based systems for suspicious activity using provided tools and SOPs
• Validate security events and elevate potential incidents to Tier 2 analysts per CJCSM 6510.01B guidelines
• Enter incident data into designated reporting systems with accuracy and timeliness
• Assist in managing incident response campaigns by documenting and tracking basic incident details under supervision
• Provide 24/7 support for incident response during assigned shifts, including non-core hours as needed
• Participate in training to develop familiarity with CSSP tools and processes
• Support basic log correlation tasks using tools like Splunk, Elastic, and Sentinel
• Assist in program reviews and product evaluations as directed
• Operations are conducted 24/7/365 across three regional operation centers (ROC)
• Each ROC works four ten-hour shifts (Sunday-Wednesday or Wednesday-Saturday)
• Shift placement is at the discretion of assigned managers
• Overtime may be required to support incident response actions (Surge)
• Up to 10% travel may be required

• Bachelor’s degree in relevant technical discipline or 3+ years of experience working in a CSSP, SOC, or similar environment
• Must have Secret Clearance, able to obtain Top Secret Clearance

• Experience with Log Aggregation Tools (e.g., Splunk, Elastic, Sentinel)
• Experience with IDS/IPS, host-based, and operating system logging solutions
• Knowledge of Incident Response methodologies and procedures
• Experience with digital forensics, threat hunting, and/or incident response
• Familiarity with CJCSM 6510.01B
• Strong verbal and written communication skills

• Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements

• Must be IAT II and CND IR compliant. Will be required to obtain Windows OS cert – Fed VTE skill soft training with fulfill requirement (Free)
• Need to be flexible on shifts based on the nature of the work 24/365. There is a weekend rotation.
• IAT II Certs and Above: CCNA Security, CySA+ **, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP
• CSSP Certs: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+ **, GCIA, GCIH, GICSP, Cloud+, SCYBER, Pen Test+, SSCP, CHFI, CFR, CND, CCNA-Security, GCFA, CISA, GSNA,, CISM, CISSP, CCISO

Contract position based out of North Charleston, SC.

The pay range for this position is $35.00 – $45.00/hr.
Benefits may include medical, dental & vision,
Critical Illness, Accident, and Hospital,
401(k) Retirement Plan – Pre‑tax and Roth post‑tax contributions available,
Life Insurance (Voluntary Life & AD&D for the employee and dependents),
Short and long‑term disability,
Health Spending Account (HSA),
Transportation benefits,
Employee Assistance Program,
Time Off/Leave (PTO, Vacation or Sick Leave).

This is a hybrid position in North Charleston,SC.

This position is anticipated to close on Dec 16, 2025.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.