Security Operations Center Analyst
Job Description
Company: ECS
Location: Fairfax, US
Job Description
Everforth ECS is seeking a Security Operations Center Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War’s (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Security Operations Center Analyst supports WDP’s 24/7 continuous monitoring mission by performing structured threat detection, incident investigation, and response operations across NIPRNet, SIPRNet, and JWICS. This role operates within an integrated SOC environment leveraging Splunk SIEM, SOAR-driven automation, and AI-assisted triage capabilities to identify adversary behavior, contain incidents, and sustain cyber defense resilience across WDP’s classified and unclassified mission enclaves.
• Executes continuous security monitoring operations across classified and unclassified DoW networks, supporting mission systems operating on NIPRNet, SIPRNet, and JWICS.
• Analyzes security events generated by enterprise Security Information and Event Management platforms including Splunk and Elastic, correlating host, network, and application telemetry to identify anomalous activity and potential adversary behavior.
• Conducts structured incident investigations using established incident response playbooks aligned to DoW Cyber Incident Handling Program guidance, documenting findings within ServiceNow and SharePoint tracking repositories.
• Performs proactive threat hunting activities leveraging MITRE ATT&CK mappings, endpoint telemetry, network flow data, and log analytics to detect previously unidentified threats.
• Coordinates containment and remediation actions with system administrators, ISSOs, and vulnerability management teams, supporting rapid mitigation of malware, unauthorized access, and policy violations.
• Maintains detailed incident records, forensic timelines, and evidentiary artifacts supporting after-action reporting and continuous monitoring requirements under the Risk Management Framework.
• Tunes detection logic, refines correlation rules, and contributes to improvement of SOC use cases to reduce false positives and increase detection fidelity.
• Provides technical mentorship to junior analysts through peer review of investigations and collaborative shift handovers.
• Delivers operational reporting products including incident summaries, alert trend analysis, and threat activity assessments supporting operational readiness, cyber defense resilience, and mission assurance across combat support and intelligence environments.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance.
• A minimum of 3 years of experience in security operations, cyber threat analysis, or incident response within a federal, defense, or intelligence community environment, with demonstrated hands-on proficiency performing continuous monitoring and structured incident investigations using enterprise SIEM platforms such as Splunk or Elastic across multi-enclave network environments.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Demonstrated experience applying the MITRE ATT&CK framework to proactive threat hunting operations, including the development of hypothesis-driven hunt packages using endpoint telemetry, network flow data, and log analytics to surface adversary activity not caught by automated detection logic.
• Familiarity with SOAR platform operations and AI-assisted triage workflows, including the ability to execute and refine automated playbooks, contribute to use case development, and apply structured escalation logic aligned to Tier 1, Tier 2, and Tier 3 SOC operating models.
• Working knowledge of the DoW Risk Management Framework (RMF), continuous monitoring requirements, and the transition from the traditional seven-step RMF to the five-phase Cybersecurity and Risk Management Continuum (CSRMC), with experience maintaining forensic documentation and evidentiary records that support Authorization to Operate (ATO) compliance obligations.
• Prior experience providing peer mentorship, shift handover documentation, or junior analyst development within a 24/7 SOC environment, including contributions to after-action reviews, lessons learned processes, and detection logic improvement initiatives.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We Value
• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven
Source: LinkedIn
