Sec Ops Analyst II

Security Operations Analyst II

Security Operations Analysts are responsible for monitoring, detecting, and responding to cybersecurity threats and incidents across the enterprise. They perform threat analysis, incident response, and proactive threat hunting while ensuring compliance with Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) 5.1, National Institute of Standards and Technology (NIST) 800-53, and Federal Information Systems Management Act (FISMA) standards. The team works to continuously improve security processes, tools, and automation, with a focus on advanced monitoring, containment and remediation activities.

• Performs initial triage and investigation of alerts generated by System Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), and other monitoring tools using critical thinking, problem-solving, and the MITRE ATT&CK framework.
• Monitors network, host, and application alerts for indicators of compromise or policy violations.
• Vulnerability intake and classification. Manages the intake and classification of security vulnerabilities.
• Researches and classifies software patch updates.
• Creates and updates incident tickets in accordance with defined SLAs and escalation procedures.
• Participates in continuous monitoring operations, including log correlation and alert tuning.
• Maintains detailed documentation of all alerts, investigations, and response activities.
• Supports daily and weekly reporting of security operations metrics and trends.
• Adheres to established playbooks and incident handling procedures.
• Maintains basic knowledge of cyber threat landscapes and emerging attack vectors.
• As assigned, provides after-hours support by responding to and assisting with incidents as part of an on-call or escalation rotation.
• Conducts advanced analysis and correlation of events across multiple data sources (endpoint, network, identity, and cloud).
• Performs threat hunting activities leveraging MITRE ATT&CK and other intelligence frameworks.
• Leads containment and eradication steps for medium-severity incidents.
• Coordinates with IT and Security Engineering for incident response, remediation, and lessons learned.
• Develops and refines security operations use cases and detection rules to reduce false positives and improve alert quality.
• Maintains and improves security operations playbooks, runbooks, and standard operating procedures.
• Conducts quality review of Analyst I investigations and provides coaching and feedback.
• Contributes to weekly threat reports, metrics, and situational awareness briefings.
• Participates in vulnerability management reviews and validation scans.
• Collaborates with the Governance, Review and Compliance (GRC) team to support compliance evidence collection related to continuous monitoring controls.

• Other duties as assigned.

• Bachelors degree in Information Technology, Cybersecurity, or related field OR equivalent work experience determined by Human Resources.
• 3 years of experience in security operations, threat detection, or incident response.
• Hands-on experience with EDR, SIEM, Intrusion Detection System/Intrusion Prevention System, and SOAR platforms.
• Understanding of incident lifecycle (detect, analyze, contain, eradicate, recover) and NIST 800-53
• Proficiency in interrupting network packets, logs, and endpoint telemetry.
• Working knowledge of MITRE ATT&CK and its application to detection logic, automation, and threat modeling.
• Strong attention to detail, communication, and documentation skills.
• Strong analytical and critical-thinking skills with ability to prioritize under pressure.

Preferred Qualifications

• CompTIA Security+, CySA+, or equivalent entry-level certification
• 4 years experience in security operations, threat detection, or incident response.

Environment and Cognitive/Physical Demands

• Office environment
• Ability to read, hear, speak, keyboard, reason, communicate effectively and problem solve
• Requires prolonged sitting and telephone usage
• Requires the use of office equipment such as computer terminals, telephones, copiers and printers
• Infrequent lifting to 20 pounds
• Infrequent stooping

Segregation of Duties

Every employee is responsible to perform their duties and responsibilities in accordance with Noridian values, policies and procedures, including but not limited to, Segregation of Duties Principles, HIPAA, Security and Privacy, CMS requirements, the Noridian Compliance Program, and any other applicable laws, rules and regulations.

Statement of Other Duties

This document describes the essential functions, requirements, and responsibilities of this job, and is not intended to be a complete list of all tasks and functions. Employees may be requested to perform job related tasks other than those specifically listed in this description and may be required to perform any task requested by the supervisor or management.

Total Rewards Package:

Health, Dental and Vision Insurance, Voluntary Insurance Plans, Health Savings and Flexible Spending Accounts, 401k and Company Match, Company-paid Life Insurance, Education Assistance Program, Paid Sick Leave, Paid Holidays, Increasing PTO Accrual Plan, Medical/Parental/Disability Leave, Workers Compensation, Retiree Benefits, Severance Package, Employee Assistance Program, Financial and Health Wellness Benefits, Casual Dress, Open Office Setting, and Online Learning System.

CMS Access Compliance and Regulation Contingency Statement

Some positions require compliance with (i) federal and agency specific regulations and related clauses included in Noridian's prime contracts with the Government, (ii) background checks, and (iii) eligibility for a government-issued identification card.

An employee in this position may be required to possess a "Federal Identification Card" (Federal ID) as a condition of employment. Federal ID's may include one of the following: Personal Identity Verification (PIV) card, Personal Identity Verification-Interoperable (PIV-I) card, a Local-Based Physical Access Card issued by CMS, or a Local-Based Physical Access Card issued by another Federal agency and approved by CMS. Obtaining a Federal ID and continued eligibility for this position may require the successful completion of a Federal Background Investigation performed by the Federal Government and a residency requirement that you have lived in the United States at least three out of the last five years. Failure to obtain a Federal ID may result in the removal from the position or termination of employment.

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Below is the salary range for potential new hires.

Salary Range: The pay range for this position is $52,120.20 - $85,724.33 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors.

Other Compensation: Incentive Plan & Lifestyle Benefit

This job will be closed 02/23/2026 at 8:00AM CST. No further applications will be considered.