Cyber Security Python Jobs (NOW HIRING)

ASRC Federal is looking for an experienced Senior Cyber Security Analyst (Incident Response & Threat Operations) to join our team in a government contracting (GovCon) environment. This is a full-time remote position with occasional on-site support (Beltsville, MD or Reston, VA). 

The Senior Cyber Security Analyst is responsible for advanced incident response, threat detection, and Tier II/Tier III Security Operations Center (SOC) support within an enterprise environment. This role focuses on investigating security events, identifying malicious activity, responding to cyber incidents, and improving detection capabilities across the organization.

The ideal candidate has strong hands-on experience in intrusion detection, threat hunting, phishing investigations, endpoint and network analysis, and operational cybersecurity support.

Key Responsibilities

• Serve as a Tier II/Tier III escalation point for complex SOC investigations and cybersecurity incidents.
• Investigate and respond to security alerts involving phishing, malicious URLs, malware activity, credential compromise, suspicious authentication activity, and endpoint threats.
• Conduct proactive threat hunting activities using SIEM, EDR/XDR, firewall, DNS, email security, and network telemetry data.
• Monitor security tools, logs, alerts, and reports to identify suspicious or malicious activity and coordinate appropriate response and remediation actions.
• Identify, analyze, and mitigate cybersecurity threats, vulnerabilities, and system weaknesses to reduce organizational risk exposure.
• Analyze security events and logs to identify indicators of compromise, attack patterns, and unauthorized activity.
• Perform incident response activities including triage, containment, eradication, recovery, and root cause analysis for security incidents.
• Support and enhance enterprise security monitoring and detection capabilities across SIEM, EDR/XDR, IDS/IPS, email security, and firewall platforms.
• Develop and tune detection rules, alerting logic, and threat detection use cases to improve SOC effectiveness and reduce false positives.
• Create scripts and automation solutions using PowerShell, Python, or similar tools to streamline investigations and response activities.
• Collaborate with infrastructure, networking, cloud, and endpoint teams during investigations and remediation efforts.
• Evaluate emerging threats, vulnerabilities, attack techniques, and security technologies to strengthen enterprise detection and response capabilities.
• Provide technical guidance and support for escalated cybersecurity investigations and operational issues.
• Document investigative findings, incident timelines, and remediation recommendations.
• Participate in on-call incident response support as required.

Required Qualifications

• Must be a U.S. Citizen or Permanent Resident (Green Card Holder).
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent professional experience.
• 7+ years of hands-on experience in cybersecurity operations, incident response, or SOC environments.
• Experience supporting Tier II/Tier III SOC investigations and incident handling.
• Strong experience with:
  • SIEM platforms
  • EDR/XDR technologies
  • IDS/IPS systems
  • Email security platforms
  • Firewall and network security tools
• Experience investigating phishing attacks, URL click alerts, malware infections, and account compromise activity.
• Strong understanding of TCP/IP, DNS, HTTP/S, VPNs, Active Directory, and enterprise networking concepts.
• Experience supporting Windows and Linux environments.
• Proficiency in PowerShell, Python, or similar scripting languages.
• Strong analytical, troubleshooting, and communication skills.
• Ability to work independently in a fast-paced operational environment.

Preferred Qualifications

• Certifications such as CISSP, GCIH, GCIA, CEH, Security+, or equivalent (at least one is required).
• Experience with MITRE ATT&CK, threat intelligence platforms, or SOAR technologies.
• Familiarity with cloud security monitoring and enterprise-scale security operations.

Additional Information

• Reports to: Cybersecurity Governance, Risk & Compliance Leadership
• Travel: None
• Clearance: Secret clearance preferred but not required; may be required based on project needs.