Cybersecurity SOC Analyst

General Dynamics Mission Systems
$90,359.00 - $97,771.00
United States, Arizona, Scottsdale
Mar 25, 2026

Basic Qualifications

Bachelor's degree in a related specialized area or equivalent is required plus a minimum of 2 years of relevant experience; or Master's degree plus a minimum of 0 years of relevant experience.

Due to the nature of work performed within our facilities, U.S. citizenship is required.


Responsibilities for this Position

The General Dynamics Mission Systems (GDMS) Security Operations Center (SOC) is seeking a Cybersecurity SOC Analyst with deep, hands-on expertise in Cloud Security across both Microsoft Azure and Amazon Web Services (AWS) environments. The ideal candidate will possess advanced proficiency in Splunk Search Processing Language (SPL), sophisticated threat detection methodologies, and proven incident response capabilities in complex, multi-cloud architectures.

This is a critical, high-impact role responsible for monitoring, analyzing, and responding to security events across GDMS's enterprise and program environments, with a primary focus on cloud-native threats, misconfigurations, and advanced persistent threats (APTs). The successful candidate will bring a strong understanding of cloud security frameworks and cloud-native security tooling to proactively defend GDMS's mission-critical infrastructure.

REPRESENTATIVE DUTIES AND TASKS:

  • Develop and optimize advanced Splunk SPL queries, dashboards, and correlation searches within Splunk Enterprise Security (ES), with a focus on cloud-native log sources from Azure, AWS CloudTrail, and cloud security services
  • Maintain and continuously enhance Splunk detection content, including cloud-specific use cases for AWS and Azure environments
  • Analyze logs from diverse sources including Windows Event Logs, Linux system logs, CrowdStrike telemetry, firewall logs, network traffic, and cloud-native sources such as AWS CloudTrail, AWS GuardDuty, Active Directory, and Flow Logs
  • Investigate alerts to identify potential security incidents and anomalous behavior, with emphasis on cloud infrastructure, workloads, and identities
  • Conduct proactive threat hunting to detect Advanced Persistent Threats (APTs), insider threats, and suspicious activity across enterprise and multi-cloud environments (AWS & Azure)
  • Incorporate threat hunting findings into detection content, cloud-specific response playbooks, and security runbooks
  • Monitor and analyze DLP alerts for data exfiltration, data tagging, and compliance violations across both on-premises and cloud environments
  • Collaborate with cross-functional teams to remediate and prevent data leakage incidents, including cloud storage misconfigurations (e.g., exposed S3 buckets, Azure Blob Storage)
  • Execute end-to-end IR processes including detection, analysis, containment, eradication, and recovery, with expertise in cloud-specific incident response procedures for AWS and Azure
  • Document and track incidents using SOC workflows and ticketing systems, ensuring thorough post-incident analysis and lessons learned
  • Monitor, assess, and continuously improve security controls across AWS and Azure environments, including network security groups, security hub findings, and compliance posture
  • Identify, investigate, and remediate cloud-specific threats and misconfigurations leveraging native tools

KNOWLEDGE SKILLS AND ABILITIES:

  • Advanced Splunk SPL, dashboard, and ES proficiency with cloud-native detection content for AWS and Azure
  • Experience analyzing logs from Windows, Linux, EDR, firewalls, and cloud sources (CloudTrail, Azure Monitor, VPC Flow Logs)
  • Proven threat hunting experience targeting APTs and insider threats across multi-cloud environments using MITRE ATT&CK
  • Strong incident response background, including cloud-specific IR procedures for AWS and Azure
  • Deep understanding of cloud security controls and native tooling including IAM, GuardDuty, Security Hub, and Microsoft Defender for Cloud
  • Strong communication skills for presenting technical findings and security risks to diverse audiences

PREFERRED DEGREE TYPES AND EXPERIENCE:

  • Bachelor's degree in a related specialized area or equivalent is required plus a minimum of 2 years of relevant experience; or Master's degree plus a minimum of 0 years of relevant experience
  • AWS and Azure security certifications
  • CISSP
  • Security+
  • Splunk Certified Power User
  • Splunk Enterprise Security Certified Admin
  • CEH
  • Experience working with, or familiarity with, AI/ML models


Target salary range: USD $90,359.00/Yr. - USD $97,771.00/Yr. This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled.


Company Overview

General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team!

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
