Suitland, Maryland, United States

SOC Engineer Mid to Sr Level

Job Description:

We are seeking a highly capable Security Operations Center (SOC) Engineer at the Mid to Senior level to support a mission-critical federal security program. This position is fully funded and set aside for a pre-identified candidate, contingent upon meeting security and technical qualifications. The successful candidate will operate in a hybrid work model with three days onsite at Suitland, MD, contributing to advanced threat detection and response efforts using Elastic SIEM technologies. This is a sensitive role requiring a high degree of integrity, discretion, and technical capability.

Key Responsibilities

  • Monitor and investigate real-time security events and alerts as part of a Tier 2/3 SOC team.
  • Maintain, optimize, and leverage Elastic SIEM for detection, investigation, and response.
  • Perform threat hunting and correlation of complex security incidents.
  • Conduct forensic analysis and produce actionable incident reports.
  • Collaborate with threat intelligence, engineering, and compliance teams to enhance detection logic.
  • Ensure compliance with federal cybersecurity standards and program requirements.
  • Participate in continuous improvement of SOC playbooks, automation, and response workflows.

Required Qualifications

  • Active TS/SCI clearance.
  • 4+ years of hands-on SOC or cybersecurity operations experience.
  • Proficiency with Elastic SIEM and related data ingestion/log analysis tools.
  • Strong working knowledge of detection engineering, network security, and endpoint defense.
  • Familiarity with threat actor TTPs and frameworks such as MITRE ATT&CK.
  • Excellent written and verbal communication skills for reporting and escalation.
  • U.S. citizenship is required due to federal contract requirements.

Eligibility and Clearance Requirements

  • This role requires an active TS/SCI clearance.
  • Applicants will be evaluated in accordance with federal adjudicative guidelines, including those related to foreign influence, allegiance, and national security risk.
  • Due to contractual obligations, only U.S. citizens will be considered. Applicants must be eligible for access to sensitive government systems and facilities.

Preferred Qualifications

  • Security certifications such as GCIA, GCIH, CISSP, CEH, or OSCP.
  • Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Sentinel).
  • Experience working in or supporting government or defense-related environments.
  • Exposure to SOAR platforms and threat intelligence integration.