Job Description
Everforth ECS is seeking a Junior Security Operations Center Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax.
Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Junior Security Operations Center (SOC) Analyst performs entry-level cyber defense and continuous monitoring operations across WDP's classified and unclassified network environments, supporting the protection of mission-critical AI and data platform capabilities spanning NIPRNet, SIPRNet, and JWICS. This role develops foundational skills in alert triage, incident documentation, and threat awareness under the direct mentorship of senior SOC analysts in a high-tempo, operationally significant government cybersecurity environment.
Performs foundational cyber defense operations supporting continuous monitoring activities across Department of War enterprise networks operating on NIPRNet, SIPRNet, and JWICS.
Monitors security dashboards and alert queues generated by Security Information and Event Management platforms such as Splunk and Elastic, identifying indicators of compromise, policy violations, and anomalous system behavior.
Conducts initial alert triage using documented incident response playbooks aligned to DoW Cyber Incident Handling Program guidance, validating event severity and routing incidents through ServiceNow workflows.
Executes basic investigation steps including log review, endpoint status verification, and correlation of host and network telemetry under senior analyst direction.
Documents investigative actions, timelines, and observations within SharePoint repositories and ticketing systems to support auditability and continuous monitoring requirements under the Risk Management Framework.
Supports containment and remediation efforts by coordinating with system administrators, vulnerability management teams, and Information System Security Officers during active incidents.
Maintains situational awareness through review of threat intelligence feeds, internal advisories, and IAVA notifications to inform alert handling.
Participates in shift turnover briefings and contributes to operational reporting products including daily alert summaries and incident tracking updates.
Delivers reliable alert processing, accurate documentation, and disciplined escalation practices that sustain operational readiness, protect mission systems, and strengthen cyber defense posture across supported operational environments.
Performs other duties as assigned.
Required Skills
Current Secret security clearance.
Experience in cybersecurity operations, IT security, network monitoring, or a closely related discipline, including relevant academic, internship, or lab-based experience demonstrating foundational cyber defense skills.
IAM Level I certification from an approved credential, including CompTIA Security+ CE, ISC CAP, ISC SSCP, or GIAC G
Desired Skills
Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
Hands-on familiarity with SIEM platforms such as Splunk or Elastic, including experience navigating dashboards, constructing basic queries, and reviewing log data in a lab, academic, or professional cybersecurity environment.
Basic understanding of the MITRE ATT&CK framework and common adversary tactics, techniques, and procedures, with a demonstrated interest in applying threat intelligence concepts to alert triage and incident investigation workflows.
Exposure to IT service management platforms such as ServiceNow or equivalent ticketing systems, including experience logging, tracking, and documenting security events or IT incidents within structured workflow environments.
Familiarity with Risk Management Framework concepts and DoW or federal continuous monitoring obligations, including awareness of NIST 800-53 security controls, IAVA notification processes, and the role of cybersecurity documentation in supporting system authorization activities.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven