Job Summary
Under the supervision of the Vice President of Information Technology, the Senior Analyst, Technology Governance & Controls is responsible for strengthening CGC’s enterprise technology governance framework, internal control environment, and operational risk posture. This role helps ensure that technology-related processes, system access models, vendor relationships, documentation standards, and change practices align with organizational expectations for accountability, audit readiness, and institutional durability. 

The Senior Analyst serves as a key internal resource for access governance, control evidence management, policy administration, risk tracking, vendor oversight support, continuity planning coordination, and governance reporting. This position translates governance expectations into practical, repeatable operating disciplines that support secure and efficient business execution. 

This role is well suited for a proactive professional who can operate effectively in a growing and evolving organization, bring structure where processes continue to mature, and execute with sound judgment, discretion, and a high degree of ownership. Success in this position requires collaboration, professionalism, strong written communication, and the ability to improve how work gets done through practical use of automation, AI tools, and modern workflow capabilities. This role is central to CGC's enterprise governance maturity, maintaining the frameworks, processes, and controls that allow IT systems, data, and vendors to operate with accountability and discipline.

Key Responsibilities

• Support CGC’s enterprise technology governance and control environment through disciplined administration of repeatable oversight processes. 
• Coordinate periodic user access reviews, entitlement recertifications, segregation-of-duties support reviews, and permission validation activities across enterprise systems.
• Maintain repositories of control evidence, approvals, documentation, and artifacts required for audits, internal reviews, external assessments, or regulatory inquiries.
• Administer the lifecycle of technology-related policies, standards, and procedures, including version control, review schedules, approvals, acknowledgments, and publication tracking.
• Support vendor governance and third-party risk management processes, including intake coordination, due diligence documentation, contract control support, and remediation follow-up.
• Maintain governance logs and trackers related to risks, issues, exceptions, incidents, remediation items, and management action plans.
• Administer and monitor the technology change management process including ticket completeness, approval validation, testing evidence review, and record retention within the Technology Service Desk in Jira.
• Coordinate business continuity and disaster recovery governance activities, including inventories, documentation updates, exercise support, and remediation tracking.
• Prepare dashboards, reports, metrics, and presentations related to governance performance, access controls, training completion, vendor reviews, policy status, and control maturity, including PowerBI reporting where applicable.
• Assist in administration of security awareness initiatives, policy acknowledgments, phishing simulations, and workforce education programs.
• Identify opportunities to streamline governance processes through workflow automation, AI-enabled productivity tools, agentic workflows, and improved operating procedures consistent with internal control expectations.
• Partner with Finance, Legal, Risk, Operations, and business stakeholders to improve enterprise accountability and governance practices.
• Handle sensitive information with discretion and professionalism, escalating concerns appropriately.
• Operate with a high degree of ownership, reliability, and judgment in a dynamic environment with evolving priorities.
• Perform other duties as assigned in support of CGC’s mission and operational needs.

Required Skills and Abilities

• Experience in governance, internal controls, risk management, audit support, compliance operations, technology administration, or related business operations environments.
• Demonstrated experience managing documentation, evidence, approvals, trackers, or structured operational processes with strong attention to detail.
• Familiarity with access governance concepts, role-based permissions, and enterprise system control practices.
• Strong organizational skills with the ability to manage multiple priorities and deadlines.
• Excellent written communication and presentation skills.
• Demonstrated ability to operate effectively in evolving environments with changing priorities and developing processes.
• Proven professionalism, discretion, and sound judgment when handling confidential or sensitive matters.
• Demonstrated digital fluency and ability to quickly learn modern platforms and emerging technologies.

Education and Experience

• Bachelor’s degree and 5+ years of directly related experience, or equivalent combination of education and experience.
• Experience supporting technology within financial services, nonprofit, startup, federally funded, or regulated environments.
• Familiarity with frameworks such as COSO, NIST, SOC, ISO 27001, or similar governance/control standards.
• Experience with enterprise platforms such as Vanta, Microsoft 365, PowerBI, Entra ID, Jira, Confluence, Box, NetSuite, Salesforce, or comparable systems.
• Experience supporting vendor management, procurement controls, contract administration, or third-party risk processes.
• Familiarity with workflow automation tools, AI productivity tools, prompt engineering, and emerging agentic workflow concepts.
• Certifications such as CISA, CRISC, Security+, ITIL, PMP, Lean Six Sigma, or similar credentials are a plus.

Compensation and Benefits

• The salary range for the Senior Analyst position is between $117,715.00 – $132,549.00 annually.
• Senior Analyst will be eligible for an annual bonus based on job and organizational performance.
• The benefits offered for the Senior Analyst include health insurance, 401k, vacation leave and sick leave.

What we are looking for

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all.

We're searching for a Staff Security Platform Engineer to join our Enterprise Security Engineering team, reporting to the Technical Lead Manager of Security Engineering.

Aurora is scaling its autonomous trucking operations, and we need someone who makes our security tools actually work, not just deployed, but deeply configured, continuously tuned, and fully leveraged. This role is for the practitioner who has spent their career living inside security platforms: the person who knows their EDR better than the vendor's own support team, who can write a SIEM query from memory, and who instinctively knows when an alert is misfiring and exactly why.

This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.

In this role you will

• Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, Email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
• Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
• Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
• Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
• Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
• Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do — not just deployed and forgotten.
• Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.

Required qualifications

• 12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
• Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
• Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
• Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
• Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
• Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
• Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.

Desirable qualifications

• Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
• Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
• Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
• Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
• Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.

The base salary range for this position is $189,000 - $274,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

This Senior IAM Engineer will own the Okta for Government High (FedRAMP High) tenant, which serves as the enterprise Identity Provider and Identity Governance platform for a 1,500+ user organization. The role is the primary technical resource responsible for the build, enhancement, and operation of key functions, including SSO integrations, Identity Governance (OIG), Lifecycle Management, Workflows automation, and Adaptive MFA policy.

In the first three months, you will help develop the core program documentation and workflows. You will collaborate with external teams like IT, Legal and People to integrate into company processes. You will work with our technical security experts to build Identity and Access management processes and procedures.

Responsibilities

• Own the Okta for Government High (FedRAMP High) tenant — configuration, health, lifecycle, and security posture
• Manage Universal Directory: on-prem AD Agent sync, HRIS attribute mastering, profile mappings, and group rules
• Build and maintain all SSO app integrations via the Okta Integration Network (OIN) using SAML, OIDC, and SCIM
• Own and maintain Okta Adaptive MFA policies: factor enrollment rules, risk-based step-up authentication, FIDO2/YubiKey/PIV/CAC configuration
• Maintain the Okta System Log to Microsoft Sentinel log streaming pipeline and retention configuration
• Own Okta Identity Governance (OIG): entitlement catalog, access certification campaign setup, SoD policy rules, and access request workflow design
• Own, Build and Maintain Okta Lifecycle Management: JML automation rules, HRIS connector configuration, and auto-provisioning and deprovisioning into all connected applications, access review triggers, and automated remediation
• Design, build, and document all Okta-side enhancements including new app onboarding, policy changes, and IGA configuration updates
• Write test cases for all Okta-side changes; execute UAT jointly with the Identity Governance & Operations Analyst before production promotion
• Support Identity Operations Specialist on Tier 2 Okta escalations and Workflow troubleshooting
• Assist Identity Governance & Operations Analyst with OIG campaign configuration and certification reporting

Requirements:

• 4+ years of hands-on Okta administration and engineering experience
• Demonstrated experience with Okta SSO app integrations via SAML 2.0 and OIDC
• Experience with Okta Lifecycle Management and HRIS connector configuration
• Experience building Okta Workflows for provisioning automation
• Experience with Okta Adaptive MFA policy configuration including FIDO2/WebAuthn and hardware token enrollment
• Experience with Okta Universal Directory including AD Agent deployment and profile mastering

Compliance Requirements: this role will be subject to US Federal regulations, therefore:

• Must be a U.S. Citizen or Lawful Permanent Resident (Green Card holder) — U.S. Person 
• Ability to obtain and maintain a security clearance or pass a background investigation consistent with CUI access
  
  

Preferred Qualifications:

• Experience with Okta for Government High (FedRAMP High) or FedRAMP Moderate environments — strong preference
• Okta Identity Governance (OIG) experience — access certifications, SoD, entitlement management
• Experience federating Okta to Microsoft Entra ID / GCCH as a SAML Service Provider
• Familiarity with CMMC, ITAR, GDPR, SOX, SOC 2 compliance requirements
• Experience with SCIM 2.0 provisioning to downstream applications
• Okta Identity Governance certification (preferred)

The approximate base salary range for this position is $126,887 - $166,127. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

Location: This role is based out of our College Park, Boulder, CO, or Bothell, WA offices, or can be remote in the US. 
Travel: Up to 1 week per quarter
Job ID:  1460

As Network & Security Operations Analyst, you’ll oversee both network and security operations for the Network Operations and Security Center. This role ensures the continuous availability, performance, and security of enterprise IT systems by leading a team responsible for network monitoring, incident management, and security threat response.

We know that you can’t have great technology services without amazing people. At MetroStar, we are obsessed with our people and have led a two-decade legacy of building the best and brightest teams. Because we know our future relies on our deep understanding and relentless focus on our people, we live by our mission: A passion for our people. Value for our customers.

If you think you can see yourself delivering our mission and pursuing our goals with us, then check out the job description below!

What you’ll do:

• 1st Shift: (7:00 AM - 4:00PM)
• Develop, document, and enforce standard operating procedures (SOPs) for network and security incidents.
• Act as the primary escalation point for major network outages and security incidents.
• Identify areas for incident responses to be automated and tools to be optimized.
• Collaborate with Operations and engineering teams to maintain optimal service levels.

What you’ll need to succeed:

• An active TS/SCI clearance
• 5+ years of experience in a NOSC, NOC, or SOC environment.
• Strong knowledge and configuration experience of network monitoring (e.g. SolarWinds, PRTG, Nagios) and SIEM tools (e.g. Splunk, QRadar, ArcSight).
• Experience managing network incidents, security events, and cyber threat response.
• Familiarity with ITIL frameworks, incident management, and service desk operations.
• Strong troubleshooting experience with firewalls, VPNs, IDS/IPS, and cloud security (AWS, Azure, GCP).

SALARY RANGE: $128,000 - $168,000

The salary range for this position is determined based on qualifications, skills, and relevant experience. The final salary offered will be determined based on several factors including: 

• The candidate's professional background and relevant work experience
• The specific responsibilities of the role and organizational needs
• Internal equity and alignment with current team compensation
• This role is also eligible for additional compensation, subject to the terms and policies of MetroStar, which may include:
• Performance-based bonuses
• Company-paid training and/or certifications
• Referral bonuses

ABOUT THE TEAM

Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defense technologies. As a SecOps Analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. As a Senior SecOps Analyst, you will serve as an incident commander alongside other senior analysts. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalization operations across the organization to understand user behavior and identify anomalies. 

WHAT YOU'LL DO

• Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
• Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles
• As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
• Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
• Organize and conduct threat hunting and data baselines to identify anomalous patterns in data
• Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders. As a Senior SecOps Analyst, you will serve as an incident commander as necessary.
• Proactively collaborate with a wide range of stakeholders, guiding detection and response maturity of key worlds, leading incidents and large-scale data baselines, and being responsible with mentoring and guiding junior analysts.

REQUIRED QUALIFICATIONS

• Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
• Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
• Must have experience with one or more SIEM languages (SPL, KQL, SQL)
• Experience conducting analysis in a data lake environment
• Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
• Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
• Strong communication skills and experience collaborating with internal and external stakeholders
• Must be able to obtain and hold a U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Experience conducting incident response in the Cloud (AWS, Azure, GCP)
• Digital Forensics and/or reverse engineering experience is a plus!

ABOUT THE TEAM

Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defense technologies. As a SecOps Analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. As a Senior SecOps Analyst, you will serve as an incident commander alongside other senior analysts. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalization operations across the organization to understand user behavior and identify anomalies. 

WHAT YOU'LL DO

• Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
• Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles
• As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
• Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
• Organize and conduct threat hunting and data baselines to identify anomalous patterns in data
• Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders. As a Senior SecOps Analyst, you will serve as an incident commander as necessary.
• Proactively collaborate with a wide range of stakeholders, guiding detection and response maturity of key worlds, leading incidents and large-scale data baselines, and being responsible with mentoring and guiding junior analysts.

REQUIRED QUALIFICATIONS

• Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
• Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
• Must have experience with one or more SIEM languages (SPL, KQL, SQL)
• Experience conducting analysis in a data lake environment
• Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
• Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
• Strong communication skills and experience collaborating with internal and external stakeholders
• Must be able to obtain and hold a U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Experience conducting incident response in the Cloud (AWS, Azure, GCP)
• Digital Forensics and/or reverse engineering experience is a plus!

About the Role:

The GRC Analyst, Federal & Customer Programs is responsible for the hands-on analysis, documentation, and operational execution of the company's security governance, risk, and compliance obligations. This role sits at the intersection of customer contracts, regulatory frameworks, and the company's security control environment — translating external requirements into clear, traceable internal commitments and evaluating how well current capabilities satisfy them. The GRC Analyst reviews incoming contractual security language, maps obligations to applicable frameworks and existing controls, produces compliance matrices and gap analyses, owns the operational risk assessment process, contributes to governance and policy lifecycle activities, and supports audit, assessment, and customer inquiry activities.

A meaningful portion of this role is dedicated to ongoing contract and requirements analysis as new programs are awarded and existing programs evolve. The GRC Analyst serves as the security function's primary reviewer of incoming contractual cybersecurity language and works directly with legal and sourcing on flow-down negotiation and redlines. Candidates who enjoy careful reading of contractual and regulatory text — and who want this to be a substantial part of their day-to-day work — will find this role a strong fit.

This is a detail-oriented, writing-intensive role requiring strong analytical judgment, fluency across multiple compliance frameworks, and the ability to work effectively with legal, sourcing, program management, engineering, and security operations stakeholders.

Key Responsibilities:

Contract & Requirements Analysis

• Review customer contracts, statements of work, security annexes, CDRLs, data protection addenda, and flow-down clauses to identify cybersecurity, privacy, and information handling obligations applicable to the company.
• Extract and catalog specific security requirements from contractual language, and translate them into structured, testable statements suitable for traceability and control mapping.
• Compare identified requirements against the company's current product scope, control environment, and certification posture to determine where compliance is already met, partially met, or requires new implementation work.
• Produce gap analyses, compliance matrices, and Requirements Traceability Matrix (RTM) artifacts that clearly communicate the state of compliance for a given contract, program, or system.
• Serve as the security function's primary point of contact for legal and sourcing during contract review, redline cycles, and flow-down negotiation, including review of subcontractor and supplier flow-down language.

Framework Mapping & Interpretation

• Maintain working proficiency across the frameworks relevant to the company's regulatory and contractual posture, including NIST SP 800-171, NIST SP 800-53, NIST CSF, CMMC, ISO 27001, FedRAMP, and applicable European frameworks such as NIS2 and GDPR.
• Map controls across frameworks to minimize duplicated work and enable consistent responses to overlapping requirements; contribute to a shared control inventory used by compliance, security, and program teams.
• Interpret framework language and authoritative guidance (NIST publications, DoD guidance, regulator FAQs) in the context of specific company systems and business scenarios and escalate ambiguity for formal risk decisions when appropriate.

Governance, Policy & ISMS Support

• Contribute to the maintenance of the company's Information Security Management System (ISMS) documentation set, including keeping control descriptions, evidence references, and scope statements accurate and current.
• Support the policy and standard lifecycle, including periodic review cycles, version control, exception governance, and clarification of control owner accountability.
• Produce compliance posture reporting and audit readiness metrics for governance forums and leadership review, including framework coverage, finding aging, and remediation progress.

Deliverable Writing & Artifact Contribution

• Draft and revise compliance deliverables including System Security Plans (SSP), Plans of Action & Milestones (POA&M), policy and standard content, control narratives, customer security questionnaire responses, and audit artifacts.
• Author clear, concise written responses to customer, auditor, and regulator inquiries, calibrated to the technical level of the audience and consistent with approved company positioning.

Risk Assessment & Treatment

• Own the operational risk assessment process and the supporting risk register, including conducting periodic and event-driven risk assessments, documenting current state, identifying deficiencies, and developing risk treatment recommendations.
• Route risk acceptance and exception decisions to the appropriate decision authority with the underlying analysis and documentation prepared for review; track decisions and ensure follow-through on conditions or expirations.
• Track open compliance findings and remediation activities, prepare status updates, and flag aging or high-severity items for escalation.

Third-Party & Supply Chain Risk

• Contribute to vendor and supplier security review activities, including evaluating vendor security questionnaires, reviewing supplier control attestations, and assessing residual risk for inclusion in procurement and program decisions.
• Support assessment of subcontractor and supplier flow-down compliance, including coordinating with sourcing and program management on supplier security obligations and remediation.

Audit & Assessment Support

• Support internal and external audit, assessment, and certification activities, including C3PAO engagements, ISO 27001 surveillance audits, customer assessments, and regulator inquiries.
• Coordinate evidence collection with system owners and control operators; validate that evidence is accurate, complete, and appropriately scoped before submission.
• Participate in assessor and auditor interviews as a subject matter contributor on specific controls and artifacts.

Cross-Functional Collaboration

• Partner with legal and sourcing on contract review, redlines, and flow-down language; with security program management on milestones, schedules, and audit coordination; and with security engineering and IT on evidence, control implementation detail, and remediation planning.
• Serve as a knowledgeable point of contact for internal teams seeking to understand what a given regulatory or contractual requirement means in practice.

What Success Looks Like in Year One

• Established a repeatable contract review intake process with legal and sourcing, including a maintained library of standard cybersecurity flow-down clauses and review turnaround expectations.
• Produced an end-to-end Requirements Traceability Matrix for at least one active federal program, traceable from contract clauses through framework controls to evidence sources.
• Stood up the operational risk register and routine risk reporting cadence, with at least one full assessment cycle completed and risk treatment decisions documented.
• Maintained the ISMS documentation set in audit-ready condition through at least one external assessment or surveillance cycle.

Required Qualifications:

• Five or more years of progressive experience in cybersecurity governance, risk, and compliance; IT audit; or a closely related discipline, with substantial hands-on exposure to framework interpretation and contract requirement analysis.
• Demonstrated working knowledge of NIST SP 800-171 and NIST SP 800-53, including control families, assessment procedures, and common implementation patterns.
• Experience contributing to SSP and POA&M artifacts, compliance matrices, or Requirements Traceability Matrices in a regulated environment.
• Practical experience supporting at least one formal audit, certification, or assessment cycle (for example CMMC, ISO 27001, SOC 2, FedRAMP, or comparable).
• Strong technical writing skills, including the ability to produce accurate, concise, and audience-appropriate compliance documentation. Writing samples may be requested as part of the interview process.
• Demonstrated comfort and interest in reading contractual and regulatory language carefully and translating it into specific, actionable internal requirements. This is a core part of the role, not an occasional task.
• Comfort working across multiple stakeholder groups — legal, sourcing, engineering, IT, security operations, and program management — and adjusting communication style accordingly.
• Bachelor's degree in Information Security, Information Systems, Business, a related field, or equivalent practical experience.

Preferred Qualifications:

• Direct experience with CMMC 2.0 assessment preparation, including familiarity with DFARS 252.204-7012 and 48 CFR Part 204.
• Familiarity with ISO 27001, FedRAMP, SOC 2, NIS2, GDPR data security obligations, or EU dual-use export control regimes.
• Experience handling Controlled Unclassified Information (CUI) in accordance with NARA and DoD requirements.
• Exposure to aerospace, defense, space, or other regulated technology environments.
• Experience reviewing or negotiating cybersecurity flow-down language in customer or supplier contracts.
• Working familiarity with Governance, Risk, and Compliance (GRC) tooling such as ServiceNow GRC, Archer, Hyperproof, Drata, Vanta, or equivalent.
• Industry certifications such as CISA, CRISC, CISSP, CGRC (formerly CAP), ISO 27001 Lead Implementer / Lead Auditor, CMMC Registered Practitioner (RP), or CMMC Certified Professional / Certified Assessor (CCP / CCA).
• Active US security clearance, or eligibility to obtain one.

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.

Access to US export-controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying. #LI-DC1

The work

The SOC Analyst is a vital member of the Security Operations Center (SOC), serving as the first line of defense against cyber threats. This role involves continuous monitoring of security systems, analyzing alerts, identifying potential incidents, and responding swiftly to mitigate risks. Analysts leverage a variety of security tools, threat intelligence, and established procedures to maintain a strong security posture. This role requires a blend of technical expertise, analytical thinking, strong communication skills, and a commitment to continuous learning.

Key Responsibilities:

• Continuous Monitoring: Actively monitoring security systems, including SIEM (Splunk), IDS/IPS (e.g., Snort, Suricata), EDR (e.g., CrowdStrike Falcon, SentinelOne), firewalls, and other security devices, for suspicious activity.
• Alert Triage and Analysis: Reviewing and analyzing security alerts, distinguishing between true threats and false positives, and prioritizing incidents based on severity.
• Incident Response: Participating in incident response activities, including incident triage, containment, eradication, and recovery, following established incident response procedures.
• Log Analysis and Correlation: Analyzing security logs from various sources to identify patterns, anomalies, and potential security incidents.
• Threat Intelligence: Utilizing threat intelligence feeds to stay informed about emerging threats and vulnerabilities and incorporating threat intelligence into security monitoring and incident response.
• Documentation and Reporting: Creating detailed reports of security incidents, documenting incident timelines, actions taken, and lessons learned.
• Security Tool Management: Assisting in configuring, maintaining, and tuning security tools.
• Compliance: Contributing to compliance efforts by adhering to relevant security policies, standards, and regulations (e.g., NIST/FISMA)
• Collaboration: Working closely with other SOC analysts, incident responders, and IT teams to ensure effective security operations.
• Continuous Learning: Staying up to date with the latest cybersecurity threats, vulnerabilities, and technologies.

Key responsibilities:

• Actively monitor SIEM, IDS/IPS, EDR, firewalls, and other security systems for suspicious activity
• Triage and analyze security alerts, identifying true threats vs. false positives
• Support incident response activities including triage, containment, eradication, and recovery
• Analyze security logs and correlate events across multiple sources
• Integrate threat intelligence into monitoring workflows and incident investigations
• Document incident details, timelines, and actions taken
• Assist in tuning, configuring, and maintaining security tools
• Support compliance initiatives aligned to NIST, FISMA, and internal policies
• Collaborate with SOC team members, incident responders, and IT operations
• Maintain awareness of emerging cyber threats, vulnerabilities, and security practices

Here’s what you need:

• Bachelor's degree in computer science, information technology, or a related field (or equivalent experience).  
• 6+ years of experience in a SOC or related security environment.
• Strong understanding of networking concepts and protocols (TCP/IP, DNS, HTTP, etc.).
• Proficiency in using SIEM tools (Splunk) – advanced to master skill in Splunk Processing Language
• Familiarity with IDS/IPS, EDR, and other security technologies.
• Knowledge of common operating systems (Windows, Linux, macOS)

Nice to have:

• Relevant certifications (Security+, CompTIA CySA+, CEH, etc.) are a plus.
• Basic to intermediate knowledge of scripting languages (Python, Bash) for automation.
• Knowledge of cloud security concepts.

Eligibility requirements:

• Must be able to obtain and maintain a Public Trust government clearance
• Ability to work shift schedules as part of a 24/7 SOC operation

**CONTINGENT UPON CONTRACT AWARD**

Overview:

Description:

Minimum Qualifications:

Education:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field preferred, OR an Associate’s degree plus ten (10) years of recent specialized experience, OR 12 years of recent specialized experience.

As a SOC Analyst, you’ll be responsible for monitoring, detecting, and responding to cybersecurity threats within an organization's IT environment. You'll analyze security alerts, investigate suspicious activities, and implement measures to mitigate risks. You will also document incidents, improve security protocols, and collaborate with other teams to strengthen overall cybersecurity defenses.

We know that you can’t have great technology services without amazing people. At MetroStar, we are obsessed with our people and have led a two-decade legacy of building the best and brightest teams. Because we know our future relies on our deep understanding and relentless focus on our people, we live by our mission: A passion for our people. Value for our customers.

If you think you can see yourself delivering our mission and pursuing our goals with us, then check out the job description below!

What you’ll do:

• Weekend (Saturday and Sunday): (1st shift: 7:00 am - 3:00 pm, 2nd shift: 3:00 pm - 11:00 pm, or 3rd shift 11:00 pm - 7:00 am)
• Monitor security alerts and events using SIEM (Security Information and Event Management) tools.
• Collaborate with leadership to develop and refine comprehensive cybersecurity strategies aligned with industry best practices and regulatory requirements.
• Serve as a technical authority, offering in-depth expertise in areas such as threat detection, incident response, vulnerability management, and risk assessment.
• Assess, design, and implement advanced security architecture solutions that address the organization's evolving technology landscape.
• Identify, assess, and prioritize cybersecurity risks, working closely with cross-functional teams to mitigate potential threats effectively.
• Lead and coordinate incident response activities, guiding the team through timely and effective resolution of security incidents and breaches.
• Provide training and mentorship to internal teams, raising overall cybersecurity awareness and competence throughout the organization.
• Conduct thorough security audits and assessments to identify vulnerabilities, weaknesses, and areas for improvement.
• Investigate security incidents to determine root causes and implement remediation strategies.
• Conduct threat intelligence analysis to identify and mitigate emerging cyber threats.
• Perform real-time analysis of security logs and network traffic for anomalies.
• Develop and update SOC processes, playbooks, and incident response plans.
• Provide reports and recommendations to enhance security posture.

What you’ll need to succeed:

• 5+ years of experience in a SOC environment.
• An active TS/SCI security clearance
• Experience in identifying, analyzing, and responding to security incidents using SIEM tools and threat intelligence platforms.
• Strong skills in containing, mitigating, and resolving cybersecurity incidents following established protocols.
• Solid understanding of network protocols, firewalls, and endpoint security solutions to assess potential vulnerabilities.
• Experience examining system logs, packet captures, and forensic data to identify malicious activity.
• Ability to clearly document findings, write detailed incident reports, and effectively communicate with technical and non-technical stakeholders.).
• Experience with automation tools and scripting languages to streamline security operations, threat detection, and incident response.
• Experience managing security events, and cyber threat response.
• Familiarity with ITIL frameworks, incident management, and service desk operations.

Hourly Part-Time Range: $67.00 - $72.00 

The salary rate for this position is determined based on qualifications, skills, and relevant experience. The final hourly rate offered will be determined based on several factors including: 

• The candidate's professional background and relevant work experience
• The specific responsibilities of the role and organizational needs
• Internal equity and alignment with current team compensation
• This role is also eligible for additional compensation, subject to the terms and policies of MetroStar, which may include:
• Performance-based bonuses
• Company-paid training and/or certifications
• Referral bonuses

Security Operations Lead (SOC Lead)

Role Summary

The Security Operations Lead will oversee all SOC functions and lead a blended team of SOC Analysts and Security Engineers to ensure rapid detection, investigation, and response to security threats. This role is responsible for driving threat hunting, leading major incidents, engineering detection capabilities, and maturing SOC operations to stay ahead of evolving adversary behaviors. The Lead acts as the central coordination point during security events and sets the strategic direction for the SOC to ensure continuous, mission-critical security coverage.

Key Responsibilities

SOC Leadership & Operations

• Lead day‑to‑day SOC operations, including queue management, alert triage oversight, escalation handling, on‑call rotations, and daily situational reporting.
• Mentor and develop SOC analysts across tiers; refine SOPs, workflows, and response playbooks.
• Drive threat hunting activities focused on identifying patterns, outliers, and TTP‑aligned behaviors across host, network, email, and cloud logs.
• Oversee SIEM dashboarding, alert tuning, log source health, and rule/correlation development to strengthen detection depth.
• Coordinate with Security Engineering to ensure logging fidelity, sensor coverage, and integration of new technologies.

Incident Response

• Lead the full lifecycle of incident response: identification, containment, eradication, recovery, forensics support, and post-incident reporting.
• Perform or direct deep-dive investigations using SIEM, NDR, EDR, packet analysis tools, and forensic artifacts.
• Provide expert investigative support for large-scale or complex incidents where technical detections may not be available.
• Guide analysts during high‑severity incidents and act as the primary interface with client leadership and internal stakeholders.
• Oversee threat intelligence intake and ensure IOCs, adversary behaviors, and campaign indicators are integrated into SOC detections.

Detection Engineering & Threat Analytics

• Develop and optimize SIEM correlation rules, dashboards, and monitoring logic.
• Enhance playbooks and automation pipelines to improve consistency and reduce analyst workload.
• Ensure ongoing alignment to evolving threat actor TTPs, including insider threat and APT-style behaviors.
• Integrate new data sources into SOC detection pipelines and validate alert efficacy.

Required Qualifications:

• 8 years of cybersecurity experience, with 3+ years leading SOC or IR teams.
• Hands-on experience triaging alerts, logs, events, and incident artifacts across enterprise environments.
• Strong experience with one or more of the following technologies: SIEM (Splunk. Elastic etic), NDR (ExtraHop), EDR/XDR (Trellix), and packet analysis tools.
• Demonstrated ability to lead incident response for high-severity cybersecurity events.

Preferred Qualifications:

• Advanced experience in threat hunting, analytics, and adversary behavior profiling.
• Certifications such as CISSP, GCIH, GCIA, GCED, CEH, or similar.
• Experience building SIEM/SOAR automations and custom detection content.
• Familiarity with malware triage, static/dynamic analysis, and IOC development.
• Experience leading SOCs supporting federal missions or high‑tempo operational environments.
• Exposure to cloud security monitoring (Azure/AWS/GCP) and SaaS logging integrations.

Job Description: Director of Analyst Relations

The Opportunity

Torq is redefining the AI SOC category. As the Director of Analyst Relations, you will be the chief architect of our reputation among the industry’s most critical influencers.

Your mission is to ensure that every relevant analyst at every major firm understands who Torq is, how our tech is unique, and why enterprises prefer Torq to transform how they understand and manage risk. This is a high-stakes role for a strategist who can translate the technical power and combination of Agentic AI and automation into a market-defining narrative.

What You’ll Do

• Own the Narrative: Build and lead a world-class AR program that positions Torq as the undisputed leader in the emerging AI SOC category.
• Lead the "Evaluations" War Room: Direct Torq’s participation in major research reports (e.g, Gartner Magic Quadrant, KuppingerCole Leadership Compass, Frost & Sullivan Radar, etc.). You will manage the entire lifecycle from technical RFIs to high-pressure executive briefings, ensuring our story is undeniable.
• Bridge Product & Influence: Collaborate closely with our Product and Engineering teams to distill advanced concepts into strategic insights that analysts can’t ignore.
• Strategic Feedback Loop: Don't just talk to analysts; listen to them. Bring outside-in competitive intelligence and market trends back to our Product Marketing and GTM teams to refine our edge.
• Executive Coaching: Prepare our C-suite and technical founders for briefings, ensuring every interaction reinforces Torq’s unique position in the market.

The Ideal Profile

• Security Savvy: You live and breathe cybersecurity. You understand SOC personas and pain points, the friction of legacy tools, and how agentic AI is fundamentally changing the game for defenders.
• AR Heavyweight: You have 8+ years of experience in AR or Corporate Communications, with a proven track record of moving the needle in the B2B security space.
• Agile & Scrappy: Torq moves fast. You thrive in a high-growth environment where you need to be both the "thinker" and the "doer."
• The Master Communicator: You can take a complex, technical "how-to" and turn it into a "why it matters" for a Tier-1 analyst.
• Methodology Expert: You know the Gartner and other firms' playbooks inside and out and know how to navigate their processes to maximize impact.

Why Torq?

• Category Creators: We aren't following a trend; we are setting the pace for how the modern SOC operates.
• Unmatched Tech: You'll be representing a platform that actually delivers on the promise of the AI SOC spanning the entire threat management lifecycle.
• Remote-First Excellence: We are a distributed team of high-performers who value autonomy, speed, and results.

SpecterOps is looking for candidates to support Security Operations at a SpecterOps customer site working directly with client personnel and systems. Candidates will independently support the client engineering, managing, and monitoring Security Operations Center (SOC) systems. A successful candidate will have excellent technical skills focused in the security operations space, impeccable soft skills, and be a well-organized, self-directed individual with familiarity working for a service-based information security organization. 

Salary Range: $110,000-$160,000 base salary annually, commensurate with experience.

Location: On site client physical location - Washington, DC

Requirements

• Current TS/SCI Clearance or eligible for Sensitive Compartmented Information designation
• Have the following operating hours: Monday through Friday, 9AM - 6PM US Eastern Time on site at Washington DC location. Be available for after-hours or weekend work in urgent incident response scenarios
• Provide expertise in a supporting capacity for incident response activities and digital forensics state preservation, including the capture and preservation of system logs, volatile memory captures, and hard drive (physical or virtual) image captures
• Established experience in operating in SOC environment, either through relevant experience or qualifications, is required
• Knowledge of operating and maintaining a SIEM
• Knowledge of cloud architectures, particularly AWS or Azure
• Experience with programming or scripting languages such as PowerShell, Python, and Bash
• Conduct host forensics, network, forensics, log analysis, and malware triage in support of hunt operations
• Interface with client contact(s) and staff in a constructive and professional manner
• Utilize common forensic and incident response tools
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Nice to haves

• Experience in penetration testing
• Ability to quickly learn new technologies and have an ongoing desire to stay current with the latest technologies
• Ability to train others on the use of forensic and incident response techniques and tools

What We Offer:   

• Health/Dental/Vision/life insurance: 100% covered for both the employee and their family    
• Flexible time off policy    
• 13 paid holidays annually    
• 401(k) with up to 4% company match    
• Stock Options & bonuses 
• Remote work: $1,500 new hire allowance to set up home office    
• $500 annual home office allowance after first year 
• $150 monthly cell phone and internet reimbursement   
• $5,000 annual professional development allowance   
• $5,250 towards continuing education or student loan repayment    
• $1,200 annual budget for lifestyle, wellness, pet insurance and more 
• A one-time $10,000 benefit towards family planning     
• In person and virtual employee events throughout the year    
• And of course, company swag!    

 All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.  To request reasonable accommodations, please contact us at careers@specterops.io  

Unsolicited resumes are not accepted   

#LI-REMOTE