Job Specifications
Job Description
Morton is seeking an experienced Incident Responder / SOC Analyst to strengthen cybersecurity operations and enhance threat detection and response capabilities for our client in Richmond, VA. This role is responsible for investigating and mitigating cybersecurity threats to ensure the confidentiality, integrity, and availability of critical IT systems and data.
The selected candidate will perform responsibilities aligned with Tier 1 and Tier 2 SOC Analyst functions under the NICE framework. This includes monitoring security platforms, managing security incidents, conducting in-depth investigations, leveraging threat intelligence, and supporting containment and recovery efforts.
This is a hybrid position (3-4 days per week). During initial onboarding/training, up to 5 days per week onsite may be required. Occasional in-state travel may be required.
Key Responsibilities
Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from actionable threats.
Investigate security incidents to validate severity, scope, and impact.
Analyze attack telemetry and convert raw data into actionable threat intelligence.
Escalate complex incidents to senior analysts for advanced forensic analysis or malware review.
Leverage threat intelligence sources (IOCs, detection rules, MITRE ATT&CK, CISA advisories, etc.) to enhance investigations and detection capabilities.
Assist in containment strategies including host isolation, account lockdown, and network segmentation.
Coordinate system recovery efforts and ensure secure restoration.
Update and refine incident response playbooks based on lessons learned and emerging threats.
Assist with SIEM tuning and detection rule optimization to improve alert fidelity.
Prepare detailed incident reports for internal stakeholders.
Document findings thoroughly in case management/ticketing systems.
Collect and preserve evidence (logs, emails, file hashes, process trees) per standard procedures.
Track and close tickets to ensure SLA compliance and proper shift handoffs.
Contribute to continuous improvement efforts across security operations.
Required Qualifications
2–5 years of experience in cybersecurity operations, incident response, or SOC environments.
Strong understanding of:
  Incident Response Lifecycle (NIST 800-61 or similar frameworks)
  Threat intelligence and IOC correlation
  Network protocols (TCP/IP, DNS, HTTP) and log analysis
Hands-on experience with:
  SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel)
  EDR tools (e.g., CrowdStrike, Microsoft Defender, Cisco Secure Endpoint)
  Threat intelligence platforms and IOC feeds
Familiarity with Active Directory, Azure AD, and identity management concepts.
Working knowledge of scripting (PowerShell or Python) for automation and data parsing.
Ability to contain and remediate incidents using established playbooks.
Strong documentation and communication skills (technical and non-technical audiences).
Preferred Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
Industry certifications (earned or in progress), such as:
  CompTIA Security+ or CySA+
  GIAC (GCIA, GCIH, GCFA)
  CISSP (in progress acceptable)
  Microsoft SC-900 or SC-200
  Splunk Core User or equivalent
Experience with:
  SOAR automation
  Packet capture and analysis tools (e.g., Wireshark)
  Cloud security tools and concepts (Azure, AWS)
  Tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, Duo, Cloudflare
  Ticketing systems such as ServiceNow or Jira