Defensive Cyber Operations Watch Analyst Tier II jobs in United States
cer-icon
Apply on Employer Site
company-logo

Adapt Forward · 2 hours ago

Defensive Cyber Operations Watch Analyst Tier II

positionNorth Charleston, SC
timeFull-time
remoteOnsite
seniorityMid, Senior Level
date5+ years exp

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. As a Tier 2 Defensive Cyber Operations (DCO) Watch Analyst, you will analyze and respond to security incidents, mentor junior analysts, and enhance CSSP capabilities while adhering to reporting standards.

ComputerCyber SecurityNetwork Security
check
Comp. & BenefitsbadNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Analyze and respond to validated security incidents, determining severity and impact per CJCSM 6510.01B
Support incident response campaigns by organizing response efforts, tracking progress, and ensuring proper documentation
Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting
Perform network and host-based digital forensics on Windows and other operating systems as needed
Conduct log correlation analysis using Splunk and supplemental tools to identify patterns in network and system activity
Compile and maintain internal SOP documentation, ensuring compliance with CJCSM 6510.01B and other directives
Provide 24/7 support for incident response during assigned shifts, including non-core hours
Support IDS/IPS signature development and implementation under guidance
Overtime may be required to support incident response actions (Surge)
Operations are conducted 24/7/365 across three regional operation centers (ROC)
Each ROC works four ten-hour shifts (Sunday-Wednesday or Wednesday-Saturday)
Shift placement is at the discretion of assigned managers
Up to 10% travel may be required, may include international travel
Must maintain a current US Passport

Qualification

Incident responseLog correlation analysisDigital forensicsTechnical documentationSIEM proficiencyScripting skillsThreat intelligence integrationCybersecurity passionMentoringContinuous learningTeam collaborationProblem-solvingCommunication skills

Required

Bachelor's Degree in relevant discipline or at least 5 years of experience working in a CSSP, SOC, or similar environment
At least 1 year experience conducting in-depth analysis or incident response with any of the following tools: Splunk, Elastic, Corelight, Palo Alto Panorama, Windows Azure/Defender, AWS, Crowdstrike, Volatility, or SIFT Workstation
At least 1 year of experience authoring technical documentation for security incidents, such as creating detailed investigation timelines, documenting indicators of compromise (IOCs), or writing shift turnover reports for ongoing incidents
Must be a U.S. Citizen
Must have DoD 8570 IAT Level II and CSSP IR compliant certifications

Preferred

Demonstrated experience conducting in-depth log correlation and analysis for complex security incidents across multiple data sources (e.g., EDR, IDS/IPS, DNS, & operating system logging solutions)
Advanced proficiency in writing complex search queries in SIEM platforms (e.g., Splunk, Elastic, Sentinel) to identify anomalous or malicious activity
Experience building advanced scripts (e.g., in Python, PowerShell, Bash, etc) to automate detection and analysis tasks
Experience integrating and operationalizing threat intelligence feeds to create new detection mechanisms or enrich existing data
Previous experience informally mentoring junior analysts, creating training documentation, or leading small-group knowledge-sharing sessions
Demonstrated passion for cybersecurity and continuous learning through active participation in Capture the Flag (CTF) events, (e.g., TryHackMe, Hack The Box, etc)
Completion of practical, hands-on cybersecurity training courses or certifications (e.g., Security Blue Team BTL1/BTL2, AntiSyphon training courses, OffSec OSCP)

Benefits

Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
401k Retirement Plan with Matching Contribution is immediately available and vested.
Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.

Company

Adapt Forward

twittertwittertwitter
company-logo
Adapt Forward is a cyber security company that specializes in defensive and offensive cyber capabilities.
dateFounded in 2015
location
North Charleston, South Carolina, USA
people-size51-200 employees
web-link
https://www.adaptforward.com/

Funding

Current Stage
Growth Stage

Leadership Team

leader-logo
Rich Bowman
President and CEO
linkedin

Recent News

GlobeNewswire
Adapt Forward Selected for Missile Defense Agency’s SHIELD Contract to Support Nation’s Golden Dome Initiative
2025-12-16
Adapt Forward
Adapt Forward welcomes back cybersecurity veteran Micheal Small as technical lead of detection and response
2025-09-24
Company data provided by crunchbase