SOC Analyst

Everforth ECS is seeking a SOC Analyst to work remotely .

At Everforth ECS Federal, we're driven by a commitment to excellence and innovation in solving complex challenges. As a premier provider of advanced technology solutions and services, our mission is to secure and optimize the most critical commercial, government, defense, and intelligence projects across the country. Our team is composed of dynamic professionals who thrive in a collaborative and empowering environment, where our team members leverage the latest technologies and insights to make a real-world impact. Join us and be part of a forward-thinking organization that values your expertise and supports your professional growth.


The SOC Analyst is responsible for enterprise security monitoring, alert investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role supports the continuous monitoring of enterprise systems and security telemetry to identify potential threats and suspicious activity. SOC Analysts perform investigative analysis of security alerts, participate in incident response activities, and contribute to detection engineering efforts that improve the organization's ability to detect malicious activity.


This role reports to the SOC Manager and works closely with Senior SOC Analysts, the Security Engineering team, enterprise IT operations teams, and the MSSP to ensure effective monitoring, investigation, and response across the enterprise environment.


Responsibilities

• Security Monitoring : Monitor enterprise security telemetry and alerts generated by security platforms to identify potential threats or suspicious activity.

• Alert Investigation : Conduct investigations of security alerts to determine legitimacy, scope, and potential impact to enterprise systems.

• Incident Detection : Identify indicators of compromise, malicious behavior, and suspicious activity within enterprise environments.

• Incident Response Support : Support investigation and response activities during confirmed or suspected cybersecurity incidents.

• Threat Analysis : Analyze security telemetry, logs, and alerts to determine attacker behavior, indicators of compromise, and potential attack vectors.

• Detection Engineering Support : Contribute to the development and refinement of detection rules and monitoring analytics based on investigation findings.

• Threat Hunting : Participate in proactive threat hunting activities to identify adversary behavior that may not be detected through automated monitoring.

• MSSP Escalation Review : Review and investigate alerts escalated by the MSSP after-hours monitoring team.

• Investigation Documentation : Document investigations, findings, and response actions within the SOC case management platform.

• Operational Effectiveness: Contributes to SOC process improvements by supporting automation efforts, implementing AI-assisted workflows, identifying efficiency opportunities, and helping enhance detection and response operations.

• Playbook Execution : Execute SOC operational playbooks and investigation procedures during alert triage and incident response.

• Operational Collaboration : Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.

• Continuous Improvement : Identify opportunities to improve monitoring coverage, investigation processes, and detection capabilities.

• On-Call Support: Participates in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

• • Experience : Minimum of 3-5 years of cybersecurity experience, with experience in security operations, threat monitoring, or incident response environments.
  • Security Monitoring Experience : Experience monitoring security alerts and investigating suspicious activity using enterprise security tools.
  • Investigation Skills : Ability to analyze security alerts, logs, and telemetry to determine potential malicious activity.
  • Security Technology Experience : Experience working with enterprise security tools such as SIEM platforms, endpoint detection and response (EDR), and log analysis tools.
  • Log Analysis Knowledge : Experience reviewing system logs, authentication activity, endpoint telemetry, and network security events.
  • Incident Investigation Awareness : Understanding of basic incident response processes and investigation workflows.
  • Threat Detection Awareness : Familiarity with common attacker techniques and indicators of compromise.
  • Security Framework Awareness : Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework or CIS Critical Security Controls.
  • Investigation Documentation : Experience documenting investigations and response actions in case management platforms.
  Other Requirements of the position include:
  • Able and willing to obtain a US Security Clearance.
  • This role may require occasional on-call support during off-hours to respond to security incidents.