Job Description

Everforth ECS is seeking a Cyber Threat Analyst 2 to work in our Fairfax, VA office.

Everforth ECS is a leading managed cybersecurity services provider, ECS delivers a highly tailored and customized offering to each customer. Our team is responsible for protecting the ECS corporate and customer networks. Our mission is broad, and our team is agile. We will leverage your unique skills to help solve customers’ challenges, such as engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range security topics. You are empowered to engage and lead across multiple groups and must have the self-sufficiency and focus to work well without constant oversight.

Our Tier 2 SOC Analysts are responsible for investigating threats targeting ECS’ internal network and commercial customers. They support the commercial cybersecurity program during core and non-core business hours.

Responsibilities:

• Lead incident response efforts, including forensic triage and detailed technical reporting.
• Mentor and act as an escalation point for junior SOC analysts.
• Develop and implement custom detections aligned with the MITRE ATT&CK Framework.
• Conduct threat hunting and perform data analytics to identify and mitigate unseen threats.
• Tune and configure security tools to minimize false positives.
• Analyze and correlate logs from various sources to create comprehensive incident timelines.
• Facilitate threat remediation efforts by collaborating with IT teams and end users.
• Serve as a subject matter expert for security tools, applications, and processes.
• Support the investigation of large- and small-scale cyber breaches.
• Communicate cyber events to internal and external stakeholders.
• Provide customers with incident response support, including mitigating actions to contain activity and facilitate forensics analysis when necessary. Document formal, technical incident reports.

Qualifications

• 3+ years of SOC or cybersecurity-related experience, with at least 2+ years of experience with a SIEM tool.
• U.S. citizenship and ability to obtain a SECRET Government Security Clearance.
• Bachelor’s degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
• Deep technical understanding of modern cybersecurity threats and the ability to quickly learn new cybersecurity concepts.
• Prior experience working as an analyst in a Security Operations Center (SOC).
• Extensive experience with EDR, SIEM, SOAR, and ticketing technologies, particularly Elastic, Splunk, Trellix, MS Sentinel/Defender, and Crowdstrike Falcon.
• Knowledge of threat actor tactics, techniques, and procedures (TTPs).
• Proficient in analyzing logs such as firewall, network traffic, IIS, Antivirus, and DNS.
• Deep understanding of incident response processes, including forensic triage, determining scope, urgency, and potential impact of incidents.
• Ability to support ad hoc scripting in any language, with experience using Python or PowerShell.
• Ability to correlate events from multiple sources to create a timeline analysis.
• Strong ability to organize case notes and communicate verbally and in writing to clients. Capable of preparing detailed technical reports.
• Experience creating custom detections aligned with the MITRE ATT&CK Framework.
• Experience in hunting for new threats and performing data analytics to identify unseen activities within the environment.
• Ability to facilitate remediation of threats by collaborating with other IT teams or end users.
• Acts as a mentor and escalation point for SOC Analysts.
• Skill in tuning security tool configurations to minimize false positives.
• Serve as a subject matter expert for security tools, applications, and processes.