Job Description Everforth ECS is seeking a
SOC Tier 1 Analyst to work in our
Portland, OR office.
Please Note: This position is contingent upon contract award. The SOC Analyst 1 supports the organization's security operations by monitoring security events, performing first-level alert triage, validating suspicious activity, documenting tickets, and escalating confirmed or higher-risk events using approved runbooks and procedures. This role is the initial monitoring and triage tier within the SOC Analyst role family.
The ideal candidate has foundational cybersecurity or IT operations experience, understands basic security concepts and defensive technologies, and can follow established procedures while communicating clearly with SOC Analyst 2, SOC Analyst 3, incident response, engineering, and other program stakeholders.
Key Responsibilities Security Monitoring & Initial Alert Triage - Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
- Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
- Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
- Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.
Ticketing, Documentation & Shift Handoff - Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
- Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
- Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
- Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.
Incident Response Support - Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
- Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
- Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
- Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.
Tool Use & Procedure Adherence - Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
- Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
- Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
- Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.
Continuous Learning - Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
- Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
- Contribute operational observations and recurring alert patterns to process improvement discussions.
Required Skills - 1-3 years of experience in cybersecurity, IT operations, help desk , networking, systems administration, or SOC monitoring.
- Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
- Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
- Ability to follow runbooks, validate alerts, document findings, and escalate issues accurately and promptly.
- Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
- Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.
Desired Skills - Experience working in a 24x7 SOC, managed security operations environment, government program, or regulated organization.
- Familiarity with frameworks and guidance such as MITRE ATT&CK, NIST CSF, NIST SP 800-61, CIS Controls, or Cyber Kill Chain.
- Experience with tools such as Splunk, Microsoft Sentinel, QRadar , CrowdStrike, Microsoft Defender, Palo Alto, SOAR platforms, or similar technologies.
- Certifications such as Security+, Network+, CySA + (in progress), CEH (in progress), or equivalent experience.
- Experience with phishing triage, malware alert validation, endpoint alerts, user behavior alerts, or network security monitoring.
- Exposure to SOC playbooks, escalation workflows, and operational reporting expectations.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of
Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Meet the challenge. Make a difference with Everforth ECS! 
Never miss an opportunity! Create an alert based on the job you applied for.