SOC Analyst (SR.)

Job Description

Everforth ECS is seeking a Senior SOC Analyst to work remotely .

At Everforth ECS Federal, we're driven by a commitment to excellence and innovation in solving complex challenges. As a premier provider of advanced technology solutions and services, our mission is to secure and optimize the most critical commercial, government, defense, and intelligence projects across the country. Our team is composed of dynamic professionals who thrive in a collaborative and empowering environment, where our team members leverage the latest technologies and insights to make a real-world impact. Join us and be part of a forward-thinking organization that values your expertise and supports your professional growth.

The Senior SOC Analyst is responsible for advanced security monitoring, investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role serves as a senior technical resource within the analyst team, responsible for leading complex investigations, mentoring junior analysts, and ensuring high-quality incident analysis across enterprise environments. The Senior SOC Analyst plays a critical role in identifying sophisticated threats, escalating security incidents, and improving SOC investigative capabilities.

This role reports to the SOC Manager and works closely with the Security Engineering team, enterprise IT operations teams, and the Everforth Commercial MSSP to ensure effective monitoring, investigation, and response across the enterprise.

R esponsibilities

• Advanced Threat Investigation : Conduct in-depth analysis of complex security alerts, anomalies, and potential threat activity across enterprise environments.

• Incident Response Support : Lead investigation and response activities for confirmed or suspected cybersecurity incidents affecting enterprise systems.

• Alert Triage and Escalation : Perform detailed triage of security alerts and escalate validated incidents according to established procedures.

• Investigation Leadership : Serve as the lead analyst during significant investigations, coordinating investigative efforts and guiding response activities.

• Threat Analysis : Analyze indicators of compromise, attacker behavior, and malicious artifacts to determine the scope and impact of security incidents.

• Detection Engineering : Develop and refine detection logic, analytics, and monitoring use cases based on investigative findings and threat intelligence.

• Threat Hunting : Conduct proactive threat hunting activities to identify adversary behavior not detected through automated alerts.

• MSSP Escalation Handling : Review and validate alerts and escalations originating from the MSSP after- hours monitoring team.

• Investigation Documentation : Ensure thorough documentation of investigations, findings, and response actions within the SOC case management platform.

• Operational Quality Assurance : Support the SOC Manager in maintaining investigation quality and adherence to SOC playbooks and procedures.

• Operational Effectiveness: Leads the design and implementation of SOC process improvements through automation, AI-driven solutions, workflow optimization, and continuous enhancement of detection and response capabilities.

• Operational Collaboration : Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.

• Knowledge Sharing : Mentor junior SOC analysts and provide guidance on investigative techniques, threat analysis, and incident handling procedures.

• Situational Awareness : Maintain awareness of emerging threats, attacker tactics, techniques, and procedures relevant to enterprise environments.

• Playbook Execution : Execute established SOC investigation playbooks and contribute to the refinement of operational procedures.

• On-Call Support: Participates in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

Required Skills

Require d Skills

• Experience : Minimum of 5 years of cybersecurity experience, with at least 3 years in a Security Operations Center or incident response role.

• Security Investigation Expertise : Strong experience investigating security alerts, analyzing suspicious activity, and determining the scope and impact of security incidents.

• Incident Response Experience : Hands-on experience supporting incident response investigations including containment, eradication, and recovery coordination.

• Security Technology Experience : Experience working with enterprise security tools such as SIEM platforms, EDR platforms, and log analysis systems.

• Threat Analysis Skills : Ability to analyze indicators of compromise, attacker behaviors, and adversary techniques during investigations.

• Log Analysis Expertise : Strong experience reviewing and interpreting system logs, endpoint telemetry, network events, and authentication activity.

• Detection Engineering Experience : Experience developing or tuning detection rules, analytics, or monitoring logic used to identify malicious activity.

• Security Framework Knowledge : Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework or CIS Critical Security Controls.

• Investigation Documentation : Experience documenting investigations, incidents, and response actions within case management platforms.

Other Requirements of the position include:

• Ab l e and willing to obtain a US Security Clearance .

• This role may require occasional on-call support during off-hours to respond to security incidents.

Desired Skills

Desired Skills

• Threat Hunting Experience : Experience conducting proactive threat hunting using enterprise telemetry and security analytics.

• Adversary Tactics Knowledge : Familiarity with adversary tactics, techniques, and procedures aligned to frameworks such as MITRE ATT&CK.

• Cloud Security Monitoring : Experience investigating security events within cloud environments and SaaS platforms.

• Security Automation Awareness : Understanding of automation capabilities used to support investigation and response workflows.

• Security Certifications : Industry certifications such as GCIA, GCIH, GCED, CISSP, or Security+.

• Excellent analytical and problem-solving skills , with the ability to handle complex security challenges and think like an adversary

• Strong communication skills , with the ability to articulate complex technical concepts to both technical and non-technical audiences.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees . Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams

• Fostering a culture that is engaging, accountable, and mission-driven

Meet the challenge. Make a difference with Everforth ECS!