SOC Analyst, night shift

Clearance Level
Information Security
Washington, District of Columbia

REQ#: RQ109422

Travel Required: None
Requisition Type: Regular

We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.

We are seeking a SOC analyst in Washington, DC. This position is a night shift role with a schedule of Thurs, Fri, Sat plus alternating Sundays 7 PM – 7 AM. This role is projected for a three-month duration with the possibility of an extension.

Responsibilities include:

  • Monitor the security tools at the OCC CDC CEM (including but not limited to a SIEM-based solution, IPS/IDS, Firewall, Anti-Malware, Endpoint Security, Web Application Firewall, etc.) to maintain situational awareness to satisfy the CEM 24x7 monitoring requirement.
  • Proactively protect the OCC.  The CEM analyst will look for unusual activity by reviewing all available information including (but not limited to) the above referenced tools and investigate any unusual, detected activity.
  • Investigate all security alerts received by the CEM.  Investigations will make use of all tools and log files possible.  Investigations will determine if the alert is a false positive, a security event, an actual attack, and/or a security incident.  Investigation will answer and report on the who, what, where, when, and how of the occurrence.  Investigations will report on any actions taken to contain and/or remediate the situation and include any recommendations for further action.  Investigations will include a historical summary of previous investigations of the same alert.
  • Investigate anything requested by management or the CSO at their discretion.  The investigation will be performed as described above.
  • Provide cybersecurity root-cause analysis in support of any tickets for which it fails to meet the Acceptable Quality Levels (AQLs) specified in the Performance Requirement Summary (PRS).  This root-cause analysis will include documenting recommendations for corrective action.
  • Escalate any security incident (the confidentiality, integrity, or availability of any information or information asset is negatively impacted) to the Incident Response (IR) team.  Further, the CEM analyst will enlist the assistance of IR for any situation that exceeds the skills of the CEM analyst / team, or that requires more manpower than is available to the CEM team.
  • Perform a shift handoff at the end of every shift.  The shift handoff will provide situational awareness to the incoming shift.  The shift handoff will also instruct the incoming shift to continue/finish investigations, reports and other work that was not completed by the outgoing shift, and provide all details required for the incoming shift to easily pick up the work where it was left off.  The shift handoff information will be recorded in the shift report in the format described in the shift report SOP.
  • Will write and distribute reports, including but not limited to the Shift Report, the Daily Virus Report, the Daily Activities Report, Daily Shift Tracker, the Weekly Activities Report, the Blue Coat Report, Investigation Reports, etc., as described in their respective SOP, ad hoc - as the need arises, or as directed by management.
  • Will write reports on investigations, other reports, emails or any other communications that use proper spelling and grammar, are easily understood, logically constructed, and complete to the point that no likely questions remain unanswered.
  • Will process and complete tickets received from ServiceNow such as Non-Standard Software Requests, Unblock Requests, Lost and Stolen, etc., in the manner as described in their respective SOPs.  Any ServiceNow tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
  • Will process and complete tickets received from CDC Tracker.  Any CDC Tracker tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
  • Will investigate all reported suspicious emails and determine whether the email is malicious, non-malicious or legitimate.  The CEM analyst will categorize, and file reported email messages to support tracking and reporting activities.  The CEM analyst will reply to the user who reported the suspicious email with a message reporting the determination and any recommendations.
  • Will maintain their laptop and all software therein in a state of readiness necessary to support all activities required of the CEM analyst.
  • Will read all email messages they receive and handle each as required by either responding, investigating, reporting, acknowledging, filing and categorizing for future reference, etc.
  • Will attend all meetings and conference calls that may be required.  The CEM analyst will take notes as appropriate and report pertinent information to the rest of the CDC as appropriate.
  • Will update their timesheet daily and keep it current as of the close of that day.
  • Will assist coworkers where necessary, including but not limited to onboarding, training, investigations, reports, etc.
  • Will complete required periodic training such as Security Awareness Training, Privacy Training, Sexual Harassment Training, etc.
  • Will perform other duties as assigned by management.  Other duties can even include duties normally assigned to different teams, such as Indicator Bulletins, Weekly Reports, etc.


Minimum of 1 year of experience in a Security Operations Center (SOC) environment; exceptions may apply based on other factors.

Splunk Power User. Familiar with FireEye endpoint agents/Log Analysis. Working knowledge of policies, procedures, and protocols of a government Security Operations Center. Bachelor of Science in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area. Strong verbal and written communications skills.


At least one of the following:

Security+ (Preferred)

Network+


Knowledge of numerous security tools and technologies to include some of the following and/or closely comparable security technologies: Splunk Power User, IDS/IPS, web application firewalls, anti-virus endpoint protection, FireEye systems, and others. ServiceNow experience. Experience at the U.S. Department of Treasury. Previous SOC experience at a Federal agency similar in size, scope, and complexity.

COVID-19 Vaccination Requirement: To protect the health and safety of its employees and to comply with customer requirements, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.