Job Description

Company: ECS FEDERAL

Location: Reston, US

## About the role and our team

Everforth ECS is seeking a SOC Analyst to work remotely. At Everforth ECS Federal, we’re driven by a commitment to excellence and innovation in solving complex challenges. We provide advanced technology solutions and services to secure and optimize critical commercial, government, defense, and intelligence projects across the country. Our team members leverage the latest technologies and insights to make a real-world impact, and we support professional growth in a collaborative environment.

This SOC Analyst role is responsible for enterprise security monitoring, alert investigation, and incident response activities within the Everforth Security Operations Center (SOC). The position supports continuous monitoring of enterprise systems and security telemetry to identify potential threats and suspicious activity. SOC Analysts perform investigative analysis of security alerts, participate in incident response activities, and contribute to detection engineering efforts that improve the organization’s ability to detect malicious activity.

This role reports to the SOC Manager and works closely with Senior SOC Analysts, the Security Engineering team, enterprise IT operations teams, and the MSSP to ensure effective monitoring, investigation, and response across the enterprise environment.

### What you’ll be doing day-to-day

• Security Monitoring: Monitor enterprise security telemetry and alerts generated by security platforms to identify potential threats or suspicious activity.

• Alert Investigation: Conduct investigations of security alerts to determine legitimacy, scope, and potential impact to enterprise systems.

• Incident Detection: Identify indicators of compromise, malicious behavior, and suspicious activity within enterprise environments.

• Incident Response Support: Support investigation and response activities during confirmed or suspected cybersecurity incidents.

• Threat Analysis: Analyze security telemetry, logs, and alerts to determine attacker behavior, indicators of compromise, and potential attack vectors.

• Detection Engineering Support: Contribute to the development and refinement of detection rules and monitoring analytics based on investigation findings.

• Threat Hunting: Participate in proactive threat hunting activities to identify adversary behavior that may not be detected through automated monitoring.

• MSSP Escalation Review: Review and investigate alerts escalated by the MSSP after-hours monitoring team.

• Investigation Documentation: Document investigations, findings, and response actions within the SOC case management platform.

• Operational Effectiveness: Contribute to SOC process improvements by supporting automation efforts, implementing AI-assisted workflows, identifying efficiency opportunities, and helping enhance detection and response operations.

• Playbook Execution: Execute SOC operational playbooks and investigation procedures during alert triage and incident response.

• Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.

• Continuous Improvement: Identify opportunities to improve monitoring coverage, investigation processes, and detection capabilities.

• On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

We value clear communication, timely documentation in the SOC case management platform, and close collaboration with internal engineering and operations teams as well as our MSSP. The role is remote and tied directly to SOC monitoring, investigation, detection engineering support, and incident response activities.

Source: Bandana.com