Job Title: SOC Analyst
Location: On-Site – Seaside, CA (DoD Center – Monterey Bay); 24x7 SOC, rotating shifts
Clearance Required: Active Secret
Employment Type: Full-Time
Overview
Cornerstone Technology Enterprises is seeking experienced cybersecurity professionals to support a large Department of Defense enterprise cybersecurity program for our government customer. For this position, we are hiring a SOC Analyst: a hands-on, on-site security monitoring role inside a 24x7 Security Operations Center. If you thrive on monitoring the enterprise, catching the first sign of trouble, and getting the right people moving fast, this role is built for you.
Working on-site at the DoD Center – Monterey Bay in Seaside, CA, you will be the first set of eyes on security events across the classified (SIPRNet) and unclassified networks that protect the personnel, pay, and identity data of millions of service members and their families. Day-to-day, that means monitoring SIEM dashboards, triaging alerts against established runbooks, correlating activity to known threats, escalating what matters, and documenting everything cleanly for the analysts and incident responders who come next.
You’ll support one of the Department of Defense’s largest enterprise environments, spanning approximately 15,000 network and endpoint devices, hundreds of mission applications, and globally deployed identity management systems.
Candidates with a SOC analyst, NOC, IT support-to-security, help desk, or military cyber/communications background are strongly encouraged to apply. This role is classified under a contract labor category as Analyst III. Because the SOC runs around the clock, you must be able to work on-site and support a rotating shift schedule, including nights, weekends, and holidays as assigned.
What You Will Do
Security Monitoring & Event Detection (~35%)
- Monitor SIEM dashboards and security tooling in a 24x7 environment to detect anomalies and potential security events as they happen
- Provide initial event detection and triage, correlating alerts to network and host activity to separate real threats from noise
- Maintain continuous situational awareness of ongoing events and the health of monitored systems across the enterprise
Triage, Analysis & Escalation (~25%)
- Perform first-pass analysis of alerts following established runbooks and standard operating procedures
- Categorize and prioritize events by severity and escalate confirmed or suspicious activity to Tier 2 analysts and incident responders
- Apply basic threat intelligence to enrich alerts and recognize indicators of compromise
Documentation & Reporting (~20%)
- Accurately document all alerts, tickets, and logs, ensuring a complete and auditable record of analysis and actions taken
- Produce daily SOC shift turnover reports to hand off active events and maintain mission continuity
- Contribute to incident timelines and supporting documentation for events escalated to higher tiers
Shift Operations & Continuous Improvement (~20%)
- Maintain consistent 24x7 coverage and contribute to smooth shift turnover and SOC battle rhythm
- Recommend improvements to runbooks, detection logic, and triage procedures based on what you see on shift
- Support SOC drills, training, and process refinement to strengthen detection and response over time
Required Qualifications
- Active Secret clearance
- U.S. citizenship (required for CAC, DoD network, and SIPRNet access)
- Ability to work on-site in Seaside, CA and support a 24x7 rotating shift schedule (nights, weekends, and holidays as assigned)
- 1–3 years of experience in a SOC, security monitoring, NOC, or IT/network operations role
- Hands-on experience monitoring and triaging alerts using enterprise SIEM platforms such as Splunk, Elastic, Microsoft Sentinel, QRadar, ArcSight, or similar
- Working knowledge of networking fundamentals (TCP/IP, common ports and protocols) and common attack types
- Strong documentation discipline and attention to detail under time pressure
- CompTIA Security+ (or ability to obtain within 30 days of start) to meet the DoD 8140/8570 IAT Level II baseline
Preferred Qualifications
- Experience in a 24x7 DoD or federal Security Operations Center
- Familiarity with SOAR platforms and runbook/playbook-driven response
- Exposure to enterprise security and operations tools such as Tanium, ACAS/Tenable Nessus, Trellix/HBSS, or SolarWinds
- Knowledge of the MITRE ATT&CK framework and threat intelligence correlation
- Alignment to DCWF Work Role 511 (Cyber Defense Analyst); certifications such as CySA+, GSEC, GCIA, or CEH
- Familiarity with RMF, DISA STIGs, and DoD incident categorization
- Experience supporting a large-scale DoD IT operations program in a federal/DoD environment
Why Join Cornerstone?
Cornerstone Technology Enterprises is a veteran-owned small business with deep experience supporting federal and defense missions. Our teams operate inside production environments, supporting systems that matter, while maintaining a culture that values trust, accountability, and technical excellence.
This role puts you on the front line of a 24x7 Security Operations Center at the DoD Center – Monterey Bay, defending the systems that safeguard our service members’ personnel and identity data. It is an opportunity to build a cybersecurity career on a national-level DoD mission, with a clear path to grow from first-line monitoring into deeper analysis and incident response.
Pay: $65,000.00 - $75,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Retirement plan
- Vision insurance
License/Certification:
- CompTIA Security+ (Required)
Security clearance:
Work Location: In person