Job Description ECS is seeking a
Tier 2 Cyber Threat Analyst (CTA) to work in our
Fairfax, VA office.
Job Description: ECS is seeking
Tier 2 Cyber Threat Analyst (CTA) to support a robust Cybersecurity Program in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE), each with a unique set of data, applications, and information systems that aid in their development of Artificial Intelligence / Machine Learning (AI/ML) algorithms. The Tier 2 CTA executes operational cybersecurity processes that mitigate risk; ensure continuity of operations; and protect assets from loss, destruction, misuse, alteration, and unauthorized access / disclosure.
This position is a demanding, high-energy role that requires innovative ideas to cyber solutioning. The ideal candidate has a blend of technical abilities (e.g., networking, intrusion detection, OS knowledge, scripting, cloud security), essential soft skills (e.g., analytical thinking, problem-solving, clear communication), and intellectual curiosity critical for analyzing threats, managing incidents, assessing risks, and protecting assets from evolving cyber threats. The Tier 2 CTA reports to the SOC Manager, and collaborates closely with other tiered-level CTAs to secure and protect MPEs and related development initiatives.
Responsibilities - Perform security event triage, investigation, and incident response.
- Monitor, detect, and analyze security threats, risks, and alerts using SOC tools; determine scope, severity, and impact.
- Conduct advanced threat hunting, malware analysis, and investigation of Indicators of Compromise (IOCs).
- Coordinate incident response activities: support containment, eradication, and recovery actions for cybersecurity incidents.
- Perform digital forensic analysis and preserve evidence following chain-of-custody procedures.
- Develop and tune SIEM correlation rules, detection logic, dashboards, and reports.
- Support ransomware, insider threat, phishing, DDoS, and data breach investigations.
- Collaborate with IT Security personnel to factor security into IT asset evaluation, selection, installation and configuration.
- Collaborate with Security Engineering teams to develop and implement controls in alignment with security policies and legal, regulatory, and compliance requirements.
- Produce incident reports, forensic reports, weekly SOC reports, and final incident documentation.
- Participate in cyber exercises, tabletop exercises, and after-action reviews.
- Develop and maintain incident response SLAs for alert triage, containment, reporting, and recovery validation.
- Develop scripts and automation to improve SOC efficiency.
- Develop and maintain incident response playbooks, SOPs, and workflows.
- Research and evaluate innovative analytical techniques and capabilities for integration into a managed security offering.
- Provide technical oversight and direction to Tier 1 CTAs.
- Provide on-call escalation support during non-business hours as needed.
Required Skills - U.S. Citizen.
- Active Secret security clearance, with the ability to obtain a Top Secret security clearance.
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related STEM (Science, Technology, Engineering and Mathematics) discipline.
- 5+ years of experience in cybersecurity operations, incident response, and/or cyber threat analysis, including 2+ years working in a SOC environment.
- DoD 8140 IAT Level 2 certification (CompTIA Security+, CySA+, GSEC, SSCP).
- Expert-level experience with SOC operations, incident detection, and response workflows.
- Tactical experience with Splunk Enterprise Security.
- Advanced understanding of TCP/IP, network fundamentals, network security, NetFlow, and associated tools.
- Advanced knowledge of malware analysis, network forensics, and packet-level inspection.
- Ability to assume full ownership and accountability for tasks and deadlines, work with limited supervision, and commit to high quality results and deliverables.
- Exceptional analytical, problem-solving, and communication skills.
- Strong decision-making ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
- Advanced proficiency with Microsoft Office tools and O365, including Word, Excel, PowerPoint, Teams, Outlook, and SharePoint.
Desired Skills - Active Top Secret security clearance.
- Master's degree in a STEM discipline.
- DoD 8140 IAT Level 3 certification (CISSP, CASP+ CE, CCNP Security, CISA, GCED, GCIH).
- Prior experience with DoD environments and components/organizations.
- Previous SOC experiance.
- Hands-on experience with SIEM or SOAR platforms, IDS/IPS, and endpoint monitoring tools.
- Familiarity with the NIST Cybersecurity Framework and Risk Management Framework (RMF).
- Experience developing and maturing SOC playbooks, processes, and detection capabilities.
- Experience managing AI agents or queries in a SOC environment.
- Hands-on experience with Atlassian's Jira and Confluence.
Never miss an opportunity! Create an alert based on the job you applied for.
