ECS

Cyber Threat Analyst (Tier 3)

ECS, Fairfax, Virginia, United States, 22032


ECS is seeking a Cyber Threat Analyst (Tier 3) to work in a hybrid onsite/remote capacity at ECS Corporate offices located in Fairfax, VA.

The Role:

ECS is seeking a Cyber Threat Analyst (Tier 3) to lead advanced detection and response activities within an enterprise Security Operations Center (SOC). The ideal candidate is a critical thinker and lifelong learner with deep technical expertise, proven leadership abilities, and the drive to tackle complex cybersecurity challenges. This role combines hands-on technical analysis with process ownership, mentoring, and collaboration across engineering, infrastructure, and threat intelligence teams.

You will play a key role in strengthening SOC operations - shaping processes, refining detection capabilities, and guiding junior analysts - while responding to high-impact incidents that matter to our customers and key stakeholders.

Your Responsibilities:

Threat Monitoring & Detection:

Continuously monitor SIEM platforms, endpoint detection tools, and cloud/on-premises infrastructure for anomalies and indicators of compromise.
Conduct intrusion detection using IDS/IPS, firewalls, and host-based security systems.
Correlate data across network, endpoint, and cloud environments to detect unauthorized activity.
Integrate intelligence from trusted sources (e.g., US-CERT, MS-ISAC, commercial feeds) into monitoring strategies.

Incident Response & Investigation:

Lead the full incident lifecycle: detection, containment, eradication, recovery, and post-incident review.
Ensure accurate documentation, tracking, and reporting of all incidents.
Conduct forensic and log-based analysis to determine scope and root cause.
Provide mitigation guidance and coordinate forensics support where required.
Drive lessons-learned sessions and implement improvements.

SOC Operations & Process Management:

Own the execution of daily SOC workflows and operational checklists.
Develop, maintain, and refine SOPs, incident playbooks, and runbooks.
Recommend and implement process and policy changes to improve governance, compliance, and efficiency.
Evaluate CVEs and recommend mitigation strategies.
Optimize SIEM and SOAR workflows for better visibility and faster response.

Collaboration & Leadership:

Partner with security engineering, infrastructure, and threat intelligence teams to align technologies and policies.
Oversee and validate threat-hunting initiatives.
Mentor and train SOC analysts to enhance detection, triage, and investigation skills.
Keep executives and stakeholders informed of significant incidents and trends.

Reporting & Continuous Improvement:

Produce incident reports, dashboards, and SOC performance metrics for leadership and clients.
Research emerging threats, vulnerabilities, and attack methods to improve detection capabilities.
Evaluate and integrate new tools and techniques to close capability gaps and advance SOC maturity.
Other duties, as assigned.

U.S. Citizen.
Active DoD Secret security clearance, with the ability to obtain/maintain a DoD Top Secret security clearance.
Bachelor's or Master's degree in Cybersecurity; Information Security; Computer Science; or similar Science, Technology, Engineering and Mathematics (STEM) discipline (significant, relevant experience may substitute).
Active DoD 8140 IAT Level II / III certification (e.g., Security+, CSSP, etc.).
7+ years in cybersecurity operations and incident response, to include 3+ years in a SOC environment, as well as 2+ years in a leadership role.

Technical Expertise:

Proven hands-on experience with SIEM and EDR tools, and SOAR platforms.
Strong knowledge of IDS/IPS, malware analysis, endpoint security, and vulnerability management (e.g., Tenable).
Demonstrated ability to analyze and triage Indicators of Compromise (IoCs).
Experience with two or more common CIRT or investigative analysis tools.
Understanding of computer/network fundamentals, including OS, protocols, and encryption.

Operational & Analytical Skills:

Advanced Splunk experience, including dashboard creation and reporting.
Skilled at triaging detections across SIEM, IDS/IPS, endpoint, and other security technologies.
Strong decision-making and problem-solving skills with the ability to weigh risks, costs, and benefits.
Ability to conduct in-depth research and produce actionable assessments and predictive insights.

Leadership & Communication:

Experience mentoring and developing junior SOC analysts.
Ability to translate complex technical topics to non-technical stakeholders.
Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Proven ability to remain calm, decisive, and methodical under pressure.
Commitment to ethics, compliance, and organizational values.