As a leading managed cybersecurity services provider, ECS delivers highly tailored cybersecurity solutions aligned to each customer’s mission needs. The Professional Services Team partners with customers to understand their environment, strengthen security posture, and deliver measurable outcomes across detection, response, and continuous improvement.

We are seeking a Security Analyst with strong Elastic SIEM experience and solid cybersecurity fundamentals who can investigate alerts, hunt threats, and help operationalize detection capabilities across network, cloud, and endpoint telemetry. This role requires analytical rigor, comfort working directly with customers, and the ability to operate with limited oversight in fast-paced environments.

Key Responsibilities

• Network Monitoring & Intrusion Detection: Perform analysis using defense tools including IDS/IPS, firewalls, and host-based security systems.
• SIEM Operations (Elastic SIEM): Use Elastic SIEM to correlate events, identify indicators of compromise, and produce actionable intelligence for response.
• Threat Detection Engineering (Analyst-led): Implement and improve log-based and endpoint-based detection strategies; validate detections and recommend tuning based on outcomes.
• Content Development: Develop and tune SIEM content such as detection rules, machine learning rules, dashboards, and visualizations aligned to customer requirements.
• Activity Correlation: Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
• Alert Management & Reporting: Triage alerts from SIEM and other sensors; document incidents with clear technical reporting and recommendations.
• Threat Research: Investigate emerging threats and vulnerabilities to enhance detection and incident identification processes.
• Phishing Analysis: Analyze phishing submissions and recommend appropriate response actions.
• Incident Response Support: Support containment and mitigation activities; contribute to root cause analysis and corrective actions.
• Automation & Integrations: Create or maintain scripts (Python/PowerShell) for investigation support, enrichment, and workflow automation; help integrate telemetry sources into Elastic as needed.
• Customer Training & Enablement: Provide training to customer teams on SIEM usage, detection capabilities, investigation workflows, and security best practices to drive long-term operational success.
• Operational Excellence: Contribute to documentation (runbooks, detection standards, triage playbooks) and continuous improvement of SOC workflows.