ECS

Cyber Threat Analyst 2

ECS$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years of SOC or cybersecurity-related experience, including 2+ years with a SIEM tool.
  • U.S. citizenship and ability to obtain a SECRET Government Security Clearance.
  • Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience.
  • Deep technical understanding of modern cybersecurity threats and rapid learning ability of new concepts.
  • Extensive experience with EDR, SIEM, SOAR, and ticketing technologies like Elastic and Splunk.
  • Strong skills in analyzing events from firewalls, network traffic, and other logs.
  • Proficient in scripting with languages like Python or PowerShell.

Responsibilities

  • Lead incident response efforts and create detailed technical reports.
  • Mentor junior SOC analysts and act as an escalation point.
  • Develop custom detections in line with the MITRE ATT&CK Framework.
  • Perform threat hunting and data analytics to identify unseen threats.
  • Tune security tools to minimize false positives and improve efficiency.
  • Analyze and correlate logs to create comprehensive timelines for incidents.
  • Facilitate collaboration for threat remediation with IT and end users.

Benefits

  • Support for professional development and further education.
  • Opportunities to work on significant cybersecurity projects.
  • Collaborative and innovative work environment.
  • Access to advanced security tools and technologies.
  • Engagement in incident response for both internal and commercial clients.
Full Job Description
Everforth ECS is seeking a Cyber Threat Analyst 2 to work in our Fairfax, VA office.

Our Tier 2 SOC Analysts are responsible for investigating threats targeting ECS' internal network and commercial customers. They support the commercial cybersecurity program during core and non-core business hours.

Responsibilities:
  • Lead incident response efforts, including forensic triage and detailed technical reporting.
  • Mentor and act as an escalation point for junior SOC analysts.
  • Develop and implement custom detections aligned with the MITRE ATT&CK Framework.
  • Conduct threat hunting and perform data analytics to identify and mitigate unseen threats.
  • Tune and configure security tools to minimize false positives.
  • Analyze and correlate logs from various sources to create comprehensive incident timelines.
  • Facilitate threat remediation efforts by collaborating with IT teams and end users.
  • Serve as a subject matter expert for security tools, applications, and processes.
  • Support the investigation of large- and small-scale cyber breaches.
  • Communicate cyber events to internal and external stakeholders.
  • Provide customers with incident response support, including mitigating actions to contain activity and facilitate forensics analysis when necessary. Document formal, technical incident reports.


  • 3+ years of SOC or cybersecurity-related experience, with at least 2+ years of experience with a SIEM tool.
  • U.S. citizenship and ability to obtain a SECRET Government Security Clearance.
  • Bachelor's degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
  • Deep technical understanding of modern cybersecurity threats and the ability to quickly learn new cybersecurity concepts.
  • Prior experience working as an analyst in a Security Operations Center (SOC).
  • Extensive experience with EDR, SIEM, SOAR, and ticketing technologies, particularly Elastic, Splunk, Trellix, MS Sentinel/Defender, and Crowdstrike Falcon.
  • Knowledge of threat actor tactics, techniques, and procedures (TTPs).
  • Proficient in analyzing logs such as firewall, network traffic, IIS, Antivirus, and DNS.
  • Deep understanding of incident response processes, including forensic triage, determining scope, urgency, and potential impact of incidents.
  • Ability to support ad hoc scripting in any language, with experience using Python or PowerShell.
  • Ability to correlate events from multiple sources to create a timeline analysis.
  • Strong ability to organize case notes and communicate verbally and in writing to clients. Capable of preparing detailed technical reports.
  • Experience creating custom detections aligned with the MITRE ATT&CK Framework.
  • Experience in hunting for new threats and performing data analytics to identify unseen activities within the environment.
  • Ability to facilitate remediation of threats by collaborating with other IT teams or end users.
  • Acts as a mentor and escalation point for SOC Analysts.
  • Skill in tuning security tool configurations to minimize false positives.
  • Serve as a subject matter expert for security tools, applications, and processes.

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Learn more about ECS
Size
2,000 employees
Industry

Similar Jobs

More Jobs at ECS

More Information Technology Jobs

Find similar Cyber Threat Analyst 2 jobs: