Incident Response Analyst (Hybrid)

Zachary Piper Solutions is seeking a

Incident Response/SOC Analyst to support an security operations program for Department of Treasury (IRS) in New Carrollton, MD. The team is seeking an individual with a dynamic skill set in networking security operations and a passion for incident response.

Clearance: U.S. Citizenship required - ability to obtain IRS Public Trust

Location: New Carrollton, MD (HYBRID - on site 1x a week)

Hours: Day shift (6AM-2PM ET) Night shift (2PM-10PMET)

This job opens for applications on 8/6/2025. Applications for this job will be accepted for at least 30 days from the posting date

Responsibilities of the SOC Analyst:

• Create and monitor traffic/ data flow baselines and identify network anomalies
  
• Identify tactics used by adversaries including procedures, behavior patterns, and techniques
  
• Create incident responses, follow-ups, and reports along with reporting criteria to strengthen the Incident Response capability
  
• Create and modify splunk queries using Splunk Processing Language (SPL)
  
• Correlate logs from various sources (Log Analysis, Correlation Rules, Packet Capture, etc.)
  

Qualifications of the SOC Analyst:

• Must have an IRS Public Trust or ability to obtain (6-8 weeks to process)
  
• 1-2+ years of experience with Incident Response in an SOC environment
  
• Experience with network stack design, execution/function of OSI model, and Windows and Linux kernel
  
• Experience modifying Splunk Processing Language (SPL)
  
• Experience utilizing Splunk and Wireshark for packet capture
  
• Strong understanding of cyber security principals and/or network security
  
• Ability to identify security weakness, cyber security risks, and malware analysis
  

Compensation for the SOC Analyst:

• Salary Range: $70,000-$82,000+ based on experience level
  
• Full Benefits: PTO, Paid Holidays, Medical, Dental, Vision, 401K, etc.
  
• Training and certification reimbursement
  
• Mostly remote work
  

Keywords: SIEM, threat detection, incident response, log analysis, intrusion detection, vulnerability management, malware analysis, network security, endpoint protection, threat intelligence, security monitoring, SOC, Splunk, SPL, Splunk processing language, PCAP, packet capture, wireshark, crowdstrike, cyber, operations, secret, top secret, public trust, correlation rules, alert triage, forensic investigation, access control, firewalls, IDS/IPS, data loss prevention (DLP), phishing analysis, MITRE ATT&CK framework, kill chain analysis, security event management, risk assessment, compliance reporting, SOC workflows, playbooks, ticketing systems, Splunk, QRadar, ArcSight, Sentinel, CrowdStrike, Palo Alto Networks, Wireshark, TCP/IP, DNS analysis, packet capture, encryption protocols, security policies, zero trust architecture, cyber hygiene, red team/blue team operations, log aggregation, behavioral analytics, and continuous monitoring.