Tier 2 SOC Analyst

Remote, USA Full-time
Description

Dragonfli Group is a cybersecurity and IT consulting firm based out of Washington, DC. We provide strategic services to both federal agencies and large commercial enterprises. Our consultants support a diverse array of project environments, including fully remote, hybrid, and on-site roles, with contract durations ranging from a few months to several years.

The Tier 2 SOC Analyst will support a cybersecurity operations mission for a large federal agency (i.e., USPS). In this critical role, you’ll serve as a frontline defender—correlating complex data sources, investigating incidents, and mitigating evolving threats that target enterprise networks and sensitive assets.

You’ll act as a subject matter expert on intrusion methodologies, network-based attacks, and threat detection across hybrid and cloud environments. Analysts in this role are expected to conduct deep-dive incident investigations, advise on remediation strategies, and take ownership of technical execution for key defense operations.

This position demands precision, urgency, and technical depth.
You will be responsible for the following:
• Identifying cybersecurity risks and recommending proactive controls
• Analyzing network traffic to detect exploits, lateral movement, and intrusions
• Advising on detection mechanisms for exploit attempts
• Investigating security alerts using SIEM platforms like Splunk and tuning detection rules
• Managing email threat vectors via ProofPoint and responding to phishing or spoofing attacks
• Deploying and monitoring SentinelOne agents for endpoint defense
• Configuring Cisco FirePower for network visibility and enforcing protections
• Monitoring signals from Microsoft Defender for Cloud Apps, Endpoint, XDR, and Office 365
• Conducting investigations within Azure Entra ID and Google Cloud SCC
• Coordinating incident response workflows and following defined SOPs and playbooks
• Escalating advanced threats to the broader Threat Management team when needed
• Continuously improving security posture through tuning, analysis, and threat intel feedback loops

This is a high-impact, fully remote position. Candidates must reside within the continental United States and hold U.S. citizenship or lawful permanent residency.
A minimum of 4 years’ hands-on experience in a SOC, IR, or cyber defense role is required.

Requirements

Must-Have:
• 4+ years of hands-on experience in a Security Operations Center (SOC), incident response, or cyber threat detection role
• Proven ability to analyze network traffic for exploits, intrusions, and abnormal behavior
• Demonstrated expertise using SIEM tools, especially Splunk, for log analysis, correlation, and alert tuning
• Practical experience managing email threats via ProofPoint, including phishing identification and response
• Familiarity with Cisco FirePower for network monitoring, policy configuration, and intrusion prevention
• Proficient in deploying, monitoring, and interpreting alerts from SentinelOne or other EDR platforms
• Hands-on experience with the Microsoft Defender Suite (Cloud Apps, Endpoint, XDR, Office 365)
• Experience with Azure Entra ID (formerly Azure AD) and Google Cloud Security Command Center (SCC) for cloud visibility and threat analysis
• Ability to follow and apply security playbooks and SOPs during active incident handling
• Strong working knowledge of threat actor behaviors, intrusion methodologies, and detection strategies
• Ability to independently perform threat triage, remediation recommendations, and escalation of advanced threats
• U.S. Citizenship or Permanent Resident status required (due to federal client constraints)
• Must currently reside—and be willing to work exclusively—from within the continental United States
• Clear, concise communication skills for documenting findings and collaborating with remote teams
• High personal integrity; must be willing to verify identity and commit to non-use of AI tools during all assessments and interviews

Skill(s): None

Benefits
• Insurance - health, dental, and vision
• PTO & 11 Federal Holidays
• 401(k), employer match

Travel: None

Originally posted on Himalayas