Cyber Security Analyst Tier III Job at GDIT, Bossier City, LA

  • GDIT
  • Bossier City, LA

Job Description

Responsibilities for this Position

Location: USA LA Bossier City
Full Part/Time: Full time
Job Req: RQ217711

Type of Requisition:
Regular

Clearance Level Must Currently Possess:
None

Clearance Level Must Be Able to Obtain:
None

Public Trust/Other Required:
Other

Job Family:
Cyber and IT Risk Management

Job Qualifications:

Skills:
Cyber Defense, Security Information and Event Management (SIEM), Security Operations, Security Tools
Certifications:
None
Experience:
8+ years of related experience
US Citizenship Required:
No

Job Description:

As a senior member of the SOC team supporting the Virginia Information Technology Agency (VITA), the Tier III analyst serves as the primary escalation authority for high-severity security incidents and owns the full escalation chain from initial triage through containment, remediation, and post-incident review. A core function of this role is building and maintaining operational Splunk dashboards, automated detection workflows, and correlation searches that improve SOC efficiency and threat visibility. The Tier III analyst brings deep hands-on experience working in Splunk at an advanced level and provides threat hunting and incident response expertise across the team. The role may also require mentoring junior analysts and operating third-party toolsets within the client environment.

RESPONSIBILITIES:

A day in the life of a Cyber Security Analyst Tier III:

Incident Response & Threat Operations
  • Lead complex investigations and incident response (Tier III ownership): pivoting across identity, endpoint, network, email, cloud, and SaaS telemetry to drive containment and remediation
  • Provide expertise with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), threat hunting, and threat intelligence; own customer-facing escalation and remediation activities
  • Recognize successful and unsuccessful intrusion attempts; triage security events and accurately prioritize and escalate incidents per established runbooks
  • Detect the full spectrum of known cyberattacks (DDoS, malware, phishing, ransomware, and others) and correlate events across capabilities to identify attacks and breaches
  • Examine malware analysis reports to correlate similar events across incidents; document and report actions taken by malicious actors in customer networks
  • Recommend appropriate methods of system remediation and threat mitigation; prepare incident reports detailing analysis methodology and results

Splunk Operations & Automation
  • Build, maintain, and optimize Splunk dashboards and reports that provide operational visibility into threat activity, SOC performance metrics, and incident trends for analysts and leadership
  • Develop and maintain automated detection workflows, correlation searches, and alert actions in Splunk to reduce analyst workload, minimize false positives, and accelerate response to high-priority threats
  • Write and maintain SPL searches, scheduled reports, and lookup-driven workflows; leverage scripting (Python, PowerShell) to extend Splunk capabilities and support security automation where needed
  • Conduct log and system analysis for network and security devices; create and update detection rules and signatures in security tools and applications
  • Document emerging threat intelligence and reported IOCs for security tool integrations

Detection Tuning & Compliance Alignment
  • Align detections and logging with frameworks and controls: NIST 800-53, NIST CSF, PCI DSS, HIPAA, and SOX as applicable to the customer environment
  • Develop and tune detection content - including use cases, correlation rules, and alert logic - to improve fidelity and reduce noise across the SOC environment
  • Analyze and act on intelligence information to secure customer networks and devices

Automation & Scripting
  • Working knowledge of scripting (Python, PowerShell, or Bash) for security automation, log parsing, and workflow integration; ability to read and modify scripts to support SOC operations
  • Support automation efforts that reduce manual analyst burden, improve detection fidelity, and accelerate incident response timelines.

Leadership & Mentorship
  • Document and maintain runbooks and playbooks; mentor Tier I/II analysts as needed and contribute to post-incident retrospectives and continuous detection improvements
  • Develop lessons learned documentation, reporting, and SOPs for incident response
  • Serve as team/task lead as required; coach less-experienced analysts and model best practices across the escalation chain
  • Maintain current understanding of cybersecurity best practices and motivate team members to expand knowledge and capabilities

REQUIRED QUALIFICATIONS:
  • Technical Training, Certification(s), or Degree
  • 8 or more years of experience in cybersecurity operations
  • Splunk experience - advanced SPL, dashboard development, automated alerting, and correlation search creation in an operational SOC environment
  • CyberArk experience - privileged access management in a government or enterprise SOC environment
  • Qualifying certification to meet DoW 8140/DCWF CSSP Analyst requirements within 6 months of start: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+

Location: On-site at GDIT's Integrated Technology Center in Bossier City, LA

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

Growth: AI-powered career tool that identifies career steps and learning opportunities
Support: An internal mobility team focused on helping you achieve your career goals
Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
Flexibility: Full-flex work week to own your priorities at work and at home
Community: Award-winning culture of innovation and a military-friendly workplace

The likely salary range for this position is $116,813 - $143,750. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
Less than 10%

Telecommuting Options:
Onsite

Work Location:
USA LA Bossier City

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans


