Cyber Operations Analyst - SOC Threat Management; Swing Shift

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia is hiring a Cyber Operations Analyst (SOC Threat Management) to support 24x7 operations in a large Federal agency Cyber Security Operations Center (CSOC). This role focuses on advanced cyber threat monitoring & detection, incident analysis, and leveraging AI/ML and automation to enhance SOC efficiency. The ideal candidate will have strong expertise in network traffic analysis, cyber threat intelligence analysis, and hands-on experience with modern security tools and cloud environments.

This shift-based position offers REMOTE work flexibility with a schedule of Thursday - Monday, 3:30 PM - 11:30 PM ET (Tuesday and Wednesday off). Qualified candidates will be U.S. Citizens and located in the United States, able to achieve Public Trust security vetting approval.

• Support 24x7 monitoring, detection, and management of advanced cyber threats.
• Perform deep-dive incident analysis by correlating data from multiple sources to determine impact on critical systems or datasets.
• Execute operational processes in support of response efforts to identified security incidents.
• Analyze network traffic to identify exploit or intrusion attempts, and recommend, implement, and tune detection mechanisms.
• Provide subject matter expertise on network-based attacks, intrusion methodologies, and threat management.
• Escalate complex incidents for further investigation and collaborate with other Threat Management team members.
• Utilize AI/ML-based tools to detect anomalies, automate triage, and improve threat intelligence.
• Conduct threat intelligence analysis to assess risk and adapt defenses using ML-enhanced tools.
• Manage email security using ProofPoint and respond promptly to threats.
• Configure and optimize Splunk for log analysis, alerting, and incident investigation.
• Deploy and monitor Sentinel One agents, Fire Power detection rules and configurations, and enforce robust security measures.
• Monitor and respond to alerts across platforms including Microsoft Defender XDR, Defender for Endpoint, Defender for Office 365, Azure Entra , and Google Cloud SCC.
• Tune security policies, maintain visibility into cloud and endpoint environments, and support continuous improvement of security posture.
• Identify and implement automation use cases leveraging AI/ML and SOAR capabilities.
• Stay current on cybersecurity trends, threat actors, and AI/ML advancements relevant to SOC operations.

• Experienced in cyber/IT security with at least 3+ years in cybersecurity/SOC analysis and operations.
• Familiarity with Artificial Intelligence / Machine Learning (AI/ML) capabilities, and their application to cyber analysis and SOC operations.
• Skilled in network traffic analysis and threat detection methodologies.
• Strong understanding of Boolean logic, TCP/IP fundamentals, network-level exploits, and IDS/IPS technologies.
• Familiar with control frameworks, risk management techniques, and cloud security (AWS, Azure, GCP).
• Hands-on experience with cybersecurity automation and SOAR platforms.
• Proficient in using ML frameworks for anomaly detection, threat intelligence, and behavioral analysis.
• Excellent communication, organizational, and interpersonal skills.

• Experience with Splunk, ProofPoint, Cisco Fire Power, Sentinel One, and Microsoft Defender suite.
• Expertise with IDS/IPS architectures, signature creation, and anomaly-based detection.
• Strong data analysis and feature engineering skills for ML-based security models.
• Direct experience with AI/ML applications in SOC environments, including automated threat detection and predictive analytics.

• BA/BS in Computer Science, IT, or related field (or equivalent experience).
• 3+ years of direct experience in cybersecurity and SOC analysis & operations

• GIAC Certified Enterprise Defender (GCED)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Detection Analyst (GCDA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Defending Advanced Threats (GDAT)
• GIAC Security Operations Certified (GSOC)
• Certified Information Systems Security Professional (CISSP)

• U.S. Citizenship required
• Ability to obtain Public Trust clearance

WORK SCHEDULE: Thursday-Monday, 3:30 PM - 11:30 PM ET

WORK LOCATION:

Remote
DAYS OFF:
Tuesday and Wednesday
TRAVEL: N/A
TELEWORK ELIGIBILITY: Yes
SECURITY REQUIREMENTS: Public Trust

phia LLC ("phia") is a Northern Virginia based, small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations…