Incident Responder / SOC Analyst

  • Contract

TECHEAD


Always Connecting, Always Evolving.

TECHEAD is seeking qualified applicants for the following Contract position – Incident Responder / SOC Analyst (JOB-22074). If you are looking for a new opportunity and this position looks to be a fit, please apply to see the TECHEAD difference that has made us successful for 30+ years!

You can find more about our team and values by checking us out at TECHEAD.com or on Glassdoor

Job Description:
Incident Responder/ SOC Analyst | 22074

Contract: 6 Months
Hybrid: 3-4 Days Onsite

Local Candidates Only
Richmond, VA 

**No C2C Candidates**

RESPONSIBILITIES

  • Monitor and triage alerts from SIEM, EDR, and NDR tools to distinguish false positives from true positives.
  • Investigate incidents validating severity, scope, and potential impact.
  • Analyze attack telemetry and convert raw data into actionable threat intelligence.
  • Handle tasks aligned with Tier 1 and Tier 2 SOC Analysts following the NICE framework.
  • Collaborate with and escalate to Tier 3 analysts or senior cybersecurity staff for complex cases requiring deep forensic analysis or malware reverse engineering.
  • Leverage threat intelligence sources, such as IOCs, updated detection rules, MITRE ATT&CK, CISA advisories, Virginia Fusion Center, to enhance investigations and detection capabilities.
  • Assist in designing and implementing containment strategies, including host isolation, account lockdown and network segmentation.
  • Coordinate recovery efforts to securely restore systems and prevent recurrence of incidents.
  • Update and refine incident response playbooks and procedures based on postmortems, lessons learned, and emerging threats.
  • Assist in SIEM tuning and detection rule optimization to reduce false positives and improve alert fidelity.
  • Prepare detailed incident reports for internal stakeholders, ensuring clarity and completeness.
  • Thoroughly document findings within case management and ticketing systems (timestamps, artifacts, actions taken).
  • Collect and preserve evidence (logs, emails, file hashes, process trees) in accordance with standard operating procedures.
  • Track and close tickets, ensuring SLAs are met and proper handoffs occur across shifts.
  • Contribute to continuous improvement by providing feedback on alert quality and playbook enhancements to senior security staff and engineering teams.

MINIMUM QUALIFICATIONS

  • 2–5 years of experience in cybersecurity operations, incident response, or working in a SOC
  • Experience with cybersecurity tools such as Qualys, Splunk, Cisco Secure Access, ThousandEyes, DUO, and Cloudflare. Experience with Active Directory, Azure AD, and ticketing systems like ServiceNow and Jira is highly desirable.
  • Strong understanding of:
    • Incident Response Lifecycle (NIST 800-61 or similar frameworks)
    • Threat intelligence and IOC correlation
    • Network protocols (TCP/IP, DNS, HTTP) and log analysis
    • SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel, etc.)
    • EDR tools (e.g., CrowdStrike, Microsoft Defender, Cisco Secure Endpoint, etc.)
    • Threat intelligence platforms and IOC feeds
  • Familiarity with Active Directory, Azure AD, and identity management concepts.
  • Strong knowledge of security concepts including Zero Trust architecture, Network Access Control (NAC), endpoint security, and other best practices in the cybersecurity industry.
  • Scripting knowledge using tools such as PowerShell or Python for automation and data parsing.
  • Ability to contain and remediate incidents using established playbooks and best practices.
  • Excellent documentation and communication skills for both technical and non-technical audiences.

PREFERRED QUALIFICATIONS:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
  • Industry certifications (earned or in-progress) such as:
    • CompTIA Security+, CySA+
    • GIAC certifications (GCIA, GCIH, GCFA)
    • CISSP (in-progress acceptable)
    • Microsoft certifications (SC-900, SC-200)
    • Splunk Core User or equivalent
  • Experience with:
    • SOAR automation for incident response workflows
    • Packet capture and analysis tools (e.g., Wireshark)
    • Cloud security concepts and tools (Azure, AWS)

TECHEAD’s mission is to make our on-site associates successful by placing them in the right environment so they can grow and prosper. How we treat and respond to our clients and employees is a reflection of who we are and makes us stand out from the rest. Keeping our business focused on building and maintaining relationships with our employees and clients is the key to our success. We won’t strive for anything less.

TECHEAD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

For more information on TECHEAD please visit www.techead.com.

No second parties will be accepted.
