Company Overview
By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.
Position Overview
The Junior Cybersecurity Analyst supports 24x7 cybersecurity monitoring, incident detection, alert triage, ticket response, escalation management, and operational reporting activities within a Network Operations Center (NOC) and Cybersecurity Operations Center (CSOC) environment. The analyst assists in monitoring enterprise, cloud, and tactical network environments, identifying potential security events, responding to operational tickets, supporting incident response activities, and maintaining operational awareness across connected and disconnected operational environments.
This role supports continuous monitoring operations utilizing SIEM, IDS/IPS, EDR/XDR, vulnerability management, cloud security, Zero Trust access, and ticketing platforms while operating within established operational procedures, escalation workflows, SLA requirements, and security playbooks.
Responsibilities
Monitor security events, alerts, dashboards, and operational queues within SIEM, IDS/IPS, and cloud security platforms
Respond to operational tickets, incidents, and service requests within established SLA response timelines
Ensure ticket updates, escalations, documentation, and resolution activities comply with contractual SLA requirements
Perform initial triage and classification of cybersecurity and operational alerts
Escalate incidents in accordance with operational severity classifications and response procedures
Assist with incident investigation, event enrichment, and evidence collection activities
Support ticket management, workflow tracking, and operational documentation within JIRA or equivalent ITSM platforms
Monitor endpoint, network, cloud, and infrastructure telemetry for indicators of compromise or operational degradation
Support vulnerability management activities, including Nessus scan review and remediation tracking
Monitor and support security operations within AWS and Microsoft Azure cloud environments
Support Appgate Secure Access and Zero Trust access monitoring activities
Assist with Splunk dashboard monitoring, search analysis, correlation review, and alert validation
Support operational reporting, metrics collection, SLA tracking, and audit readiness activities
Maintain situational awareness across connected, degraded, and disconnected operational environments
Follow established cybersecurity procedures, change control processes, escalation paths, and operational playbooks
Participate in shift turnover briefings and operational status reporting
Support coordination activities between NOC, CSOC, engineering, cloud operations, and field support personnel
Maintain operational logs, incident records, and audit documentation
Work environment:
24x7 operational monitoring environment
Shift-based operations, including nights, weekends, and holidays as required
SLA-driven operational support environment
Hybrid operational support across enterprise, cloud, and tactical/disconnected environments
Collaboration with engineering, cybersecurity, cloud operations, field operations, and customer stakeholders
Required Experience/Qualifications
Associate’s degree or Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
0–3 years of cybersecurity, SOC, NOC, cloud operations, service desk, or IT operations experience
Basic understanding of:
cybersecurity principles
networking fundamentals
TCP/IP
operating systems
cloud security concepts
and security monitoring operations
Familiarity with cybersecurity and monitoring tools such as:
Splunk
Security Onion
CrowdStrike
Nessus
ELK/Elasticsearch
Appgate
AWS CloudWatch
Microsoft Azure Monitor
or similar technologies
Basic understanding of:
SIEM operations
incident response
log analysis
vulnerability management
cloud monitoring
ticket management
and threat detection concepts
Familiarity with AWS and Microsoft Azure environments
Experience responding to tickets and working within SLA-driven operational environments preferred
Ability to follow operational procedures and escalation workflows
Strong analytical and problem-solving skills
Effective written and verbal communication skills
Ability to work rotating shifts in a 24x7 operational environment
Preferred Experience/Qualifications
Security+ certification (or ability to obtain within 6 months)
AWS Certified Cloud Practitioner (preferred)
Microsoft Azure Fundamentals (AZ-900) certification (preferred)
Familiarity with:
NIST frameworks
RMF
CMMC
Zero Trust architectures
or DoD cybersecurity environments
Experience with:
Splunk SIEM
AWS security services
Azure security services
Appgate SDP
or cloud-native monitoring platforms
Experience with ticketing systems such as JIRA or ServiceNow
Exposure to virtualization, endpoint security, or cloud-native security technologies
Active U.S. Government security clearance (preferred but not required)
Special Requirements/Security Clearance
Ability to obtain and maintain a U.S. Government security clearance, if required by contract.