CND Analyst - SOC

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.By Light has an opening for a CND Analyst - SOC supporting the Army National Guard (ARNG) in Falls Church, VA. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services. The Guard Enterprise Cyber Operations Support (GECOS) program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.This position is: Wednesday through Saturday (7am - 7pm) and every other week Thursday - Saturday (7am - 7pm).The ARNG SOC works to monitor enterprise systems, defend against security breaches, and identify, investigate, and mitigate cybersecurity threats. In support of the SOC, the Watch SOC Team staff shall:Manage the operation of the SOC and the performance of traditional SOC activities on behalf of ARNG 24/7/365 to protect DoD information systems and infrastructure.Develop a SOC Communications Plan.Support the RCC-NG in the execution of traditional SOC activities during COOP exercises at a designated COOP site. If it becomes necessary to temporarily relocate SOC operations to a selected alternate site for emergency or test scenarios, support and extend normal SOC operations to that remote location.Provide technical reports to analyze and summarize the impact of each significant incident and the recovery costs; the capability and effectiveness of Computer Network Defense (CND) sensor coverage and the O&M costs; and the number and categories of threats of concern identified by the SOC and supplied to the SOC by external Government agenciesAuthor and implement custom detection content (e.g., reports, assets, cases, connectors, customers, dashboards, field sets, files, filters, integration commands, knowledge base, lists, notifications, pattern discovery, query viewers, reports, rules, stages, and users).Tune the SIEM and IDS/IPS events to minimize false positives.Analyze and review monitoring SOC metrics.Evaluate and analyze hardware and software in coordination with and support of the RCC-NG.Improve processes including developing and refining analysis techniques.Coordinate and report ISS‐related incidents.Provide support in assembling, evaluating, and monitoring various intrusion detection sensors or tools and associated software applicationsProvide DMA support services involving forensic analyses on a variety of digital media devices and mediums to identify, reverse engineer, and de‐obfuscate content related to an incident, such as malicious contentBachelor's degree requiredDoD 8570.01-M Information Assurance Technical (IAT) Level II certificationPossess the appropriate DoD 8570 CSSP Analyst, Infrastructure, or Incident Responder certification e.g., CEH, CySA+, CCNA+, SSCP, CGIA.Minimum 5 years' IT relevent experience and 3 years SOC operations supportExperience managing firewall, IDS/IPS, and router ACL policiesExperience with vulerability management assessment and mitgationCisco CertificationPalo Alto CertificationPossess an ITIL® v3 or ITIL® 4 Foundation or a higher certification in either categoryActive SECRET DoD clearance or higherWillingness to work the required shift of Wednesday through Saturday (7am - 7pm) and every other week Thursday - Saturday (7am - 7pm).

Created: 2026-03-09