Cyber Threat Analyst (Tier 3)

Overview

On Site
Full Time


Job Details

Job Description

ECS is seeking a Cyber Threat Analyst (Tier 3) to work in a hybrid onsite/remote capacity at ECS Corporate offices located in Fairfax, VA.

The Role:

ECS is seeking a Cyber Threat Analyst (Tier 3) to lead advanced detection and response activities within an enterprise Security Operations Center (SOC). The ideal candidate is a critical thinker and lifelong learner with deep technical expertise, proven leadership abilities, and the drive to tackle complex cybersecurity challenges. This role combines hands-on technical analysis with process ownership, mentoring, and collaboration across engineering, infrastructure, and threat intelligence teams.

You will play a key role in strengthening SOC operations - shaping processes, refining detection capabilities, and guiding junior analysts - while responding to high-impact incidents that matter to our customers and key stakeholders.

Your Responsibilities:

Threat Monitoring & Detection:
  • Continuously monitor SIEM platforms, endpoint detection tools, and cloud/on-premises infrastructure for anomalies and indicators of compromise.
  • Conduct intrusion detection using IDS/IPS, firewalls, and host-based security systems.
  • Correlate data across network, endpoint, and cloud environments to detect unauthorized activity.
  • Integrate intelligence from trusted sources (e.g., US-CERT, MS-ISAC, commercial feeds) into monitoring strategies.
Incident Response & Investigation:
  • Lead the full incident lifecycle: detection, containment, eradication, recovery, and post-incident review.
  • Ensure accurate documentation, tracking, and reporting of all incidents.
  • Conduct forensic and log-based analysis to determine scope and root cause.
  • Provide mitigation guidance and coordinate forensics support where required.
  • Drive lessons-learned sessions and implement improvements.
SOC Operations & Process Management:
  • Own the execution of daily SOC workflows and operational checklists.
  • Develop, maintain, and refine SOPs, incident playbooks, and run books.
  • Recommend and implement process and policy changes to improve governance, compliance, and efficiency.
  • Evaluate CVEs and recommend mitigation strategies.
  • Optimize SIEM and SOAR workflows for better visibility and faster response.
Collaboration & Leadership:
  • Partner with security engineering, infrastructure, and threat intelligence teams to align technologies and policies.
  • Oversee and validate threat-hunting initiatives.
  • Mentor and train SOC analysts to enhance detection, triage, and investigation skills.
  • Keep executives and stakeholders informed of significant incidents and trends.
Reporting & Continuous Improvement:
  • Produce incident reports, dashboards, and SOC performance metrics for leadership and clients.
  • Research emerging threats, vulnerabilities, and attack methods to improve detection capabilities.
  • Evaluate and integrate new tools and techniques to close capability gaps and advance SOC maturity.
Other duties, as assigned.

Required Skills

  • U.S. Citizen.
  • Active DoD Secret security clearance, with the ability to obtain/maintain a DoD Top Secret security clearance.
  • Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, or a similar Science, Technology, Engineering and Mathematics (STEM) discipline (significant, relevant experience may substitute).
  • Active DoD 8140 IAT Level II / III certification (e.g., Security+, CSSP).
  • 7+ years in cybersecurity operations and incident response, to include 3+ years in a SOC environment, as well as 2+ years in a leadership role.
Technical Expertise:
  • Proven hands-on experience with SIEM and EDR tools, and SOAR platforms.
  • Strong knowledge of IDS/IPS, malware analysis, endpoint security, and vulnerability management (e.g., Tenable).
  • Demonstrated ability to analyze and triage Indicators of Compromise (IoCs).
  • Experience with two or more common CIRT or investigative analysis tools.
  • Understanding of computer/network fundamentals, including OS, protocols, and encryption.
Operational & Analytical Skills:
  • Advanced Splunk experience, including dashboard creation and reporting.
  • Skilled at triaging detections across SIEM, IDS/IPS, endpoint, and other security technologies.
  • Strong decision-making and problem-solving skills with the ability to weigh risks, costs, and benefits.
  • Ability to conduct in-depth research and produce actionable assessments and predictive insights.
Leadership & Communication:
  • Experience mentoring and developing junior SOC analysts.
  • Ability to translate complex technical topics to non-technical stakeholders.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
  • Proven ability to remain calm, decisive, and methodical under pressure.
  • Commitment to ethics, compliance, and organizational values.
Desired Skills

Certifications:
  • Advanced certifications preferred: CISSP, CISM, GIAC GSLC/GSOM, CEH, or equivalent.
Advanced Knowledge:
  • Familiarity with APT tactics, techniques, and procedures (TTPs).
  • Hands-on experience applying MITRE ATT&CK for detection and response.
  • Deep technical knowledge of system internals: OS, vulnerabilities, encryption, and architecture.
Operational Enhancements:
  • Background in threat hunting, digital forensics, or malware analysis.
  • Prior experience building and leading high-performance SOC teams.
  • Proven ability to close incidents in alignment with SLAs and severity ratings.
  • Experience producing actionable threat intelligence reports.
Automation & Scripting:
  • Proficiency with security automation/orchestration and scripting (Python, PowerShell).
#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3500+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.