SOC Mid-Level Analyst

Fairfax, VA, US • Posted 3 hours ago • Updated 3 hours ago
Full Time
On-site
USD $120,000.00 - 145,000.00 per year

Job Details

Skills

  • IOC
  • Performance Management
  • Project Management
  • Preventive Maintenance
  • Network
  • Recovery
  • Dashboard
  • Use Cases
  • Reporting
  • Leadership
  • Mentorship
  • Process Improvement
  • Continuous Improvement
  • Workflow
  • SIEM
  • Management
  • Log Analysis
  • Microsoft Windows
  • Linux
  • Computer Networking
  • Cloud Computing
  • Software Security
  • Analytical Skill
  • Documentation
  • Communication
  • Collaboration
  • System On A Chip
  • Security Operations
  • NIST SP 800 Series
  • IBM QRadar
  • Microsoft
  • Palo Alto
  • Security+
  • GCIH
  • GCIA
  • Certified Ethical Hacker
  • SSCP
  • Threat Analysis
  • Forensics
  • Splunk
  • Security Engineering
  • Incident Management
  • SAP BASIS
  • Law
  • Artificial Intelligence
  • Cyber Security
  • Partnership
  • Innovation
  • Accountability

Summary

Job Description

ECS is seeking a SOC Mid-Level Analyst to work remotely. Please Note: This position is contingent upon additional funding.

Position Summary

ECS is seeking a Mid-Level SOC Analyst with demonstrated experience supporting the development of processes, procedures, and automations to rapidly ingest, aggregate, correlate, normalize, and analyze event messages to rapidly and assuredly identify and respond to Indicators of Compromise (IoC). The ideal candidate is a critical thinker and perpetual learner who is excited to solve some of our clients' toughest challenges. To be successful the candidate must have experience working in a mature 24x7x365 Security Operation Center.

Shift schedule: Sunday-Wednesday, 7:00AM - 5:00PM ET (subject to change)

This role involves shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.

Responsibilities include:

Escalated Alert Investigation & Correlation
  • Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate severity, scope, potential impact, and required response actions.
  • Analyze suspicious activity, indicators of compromise, anomalous behavior, and policy violations using logs, endpoint telemetry, network data, identity data, cloud events, and other evidence.
  • Correlate evidence across security platforms to identify affected assets, affected accounts, attack paths, timeline of activity, and potential business or mission impact.
  • Map observed behaviors to applicable frameworks and threat models such as MITRE ATT&CK when useful for investigation, reporting, or detection improvement.
Incident Response & Coordination Support
  • Support containment, eradication, and recovery activities for standard or moderate incidents in alignment with incident response plans and approved playbooks.
  • Coordinate with system owners, security engineers, senior analysts, and other technical teams to gather evidence, validate impact, and support response actions.
  • Escalate complex, high-impact, evidence-sensitive, or ambiguous incidents to SOC Analyst 3, SOC leadership, Forensics, Threat Hunter, Threat Intelligence Analyst, or other specialized roles as appropriate.
  • Maintain accurate incident status, action tracking, and communications during investigation and response activities.
Detection, Tuning & Process Improvement Input
  • Analyze recurring alerts, false positives, attack patterns, threat intelligence, vulnerabilities, and emerging tactics to identify opportunities to improve detection and response.
  • Recommend updates to correlation rules, alert logic, dashboards, use cases, response playbooks, and triage procedures based on investigation outcomes.
  • Operationalize threat intelligence in triage and investigation workflows by applying relevant indicators, adversary behaviors, vulnerabilities, and contextual reporting.
Reporting & Documentation
  • Document investigation activities, evidence, decisions, response actions, and outcomes clearly and accurately.
  • Prepare incident summaries, ticket updates, timelines, shift handoff notes, and supporting information for after-action documentation.
  • Communicate technical findings in clear operational, business, and risk language for SOC leadership and affected stakeholders.
  • Provide evidence summaries and analysis notes that can be used by Forensics or specialized teams when deeper analysis is required.
Mentorship & Continuous Improvement
  • Provide escalation guidance, quality feedback, and informal mentoring to junior SOC analysts.
  • Participate in lessons-learned activities, tabletop exercises, detection reviews, and SOC process improvement efforts.
  • Stay current with evolving cyber threats, vulnerabilities, detection techniques, and security operations best practices.
  • Contribute to continuous improvement of SOC workflows, investigation checklists, documentation practices, and escalation procedures.

Salary Range: $120,000 - $145,000

General Description of Benefits

Required Skills

  • 3-5 years of experience in SOC operations, incident response, security monitoring, threat monitoring, or related technical cybersecurity roles.
  • Experience triaging escalated alerts and investigating security events using SIEM, EDR, ticketing, case management, and log analysis tools.
  • Intermediate knowledge of Windows, Linux, networking, cloud, identity, endpoint, and application security concepts.
  • Working knowledge of common attack techniques, incident response lifecycle activities, escalation procedures, playbooks, and evidence-handling practices.
  • Ability to correlate evidence across multiple tools, develop incident timelines, and determine recommended response actions.
  • Strong analytical, written documentation, communication, and collaboration skills.


Desired Skills

  • Experience working in a 24x7 SOC, managed security operations environment, government program, or regulated organization.
  • Familiarity with frameworks and guidance such as MITRE ATT&CK, NIST CSF, NIST SP 800-61, CIS Controls, or Cyber Kill Chain.
  • Experience with tools such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, SOAR platforms, or similar technologies.
  • Certifications such as Security+, CySA+, GCIH, GCIA, CEH, SSCP, or equivalent experience.
  • Experience contributing to detection tuning recommendations, response playbook updates, tabletop exercises, or lessons-learned activities.
  • Experience coordinating with threat intelligence, threat hunting, forensics, Splunk engineering, security engineering, or incident response teams.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven

Meet the challenge. Make a difference with Everforth ECS!

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10112MAN
  • Position Id: 4533
  • Posted 3 hours ago
