All candidates must meet the following criteria: must be a US citizen with no dual citizenship; must be able to obtain a Public Trust clearance; must be able to work across multiple programs in the Federal and DoD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.
SOC Analyst
Location: United States
Posted: 3 days ago
Salary: 0
Seniority: Mid Level
Job Description
SOC Analyst
ECS Tech Inc
Role Description

The SOC Analyst is responsible for enterprise security monitoring, alert investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role supports the continuous monitoring of enterprise systems and security telemetry to identify potential threats and suspicious activity. SOC Analysts perform investigative analysis of security alerts, participate in incident response activities, and contribute to detection engineering efforts that improve the organization's ability to detect malicious activity.

This role reports to the SOC Manager and works closely with Senior SOC Analysts, the Security Engineering team, enterprise IT operations teams, and the MSSP to ensure effective monitoring, investigation, and response across the enterprise environment.

Responsibilities
- Security Monitoring: Monitor enterprise security telemetry and alerts generated by security platforms to identify potential threats or suspicious activity.
- Alert Investigation: Conduct investigations of security alerts to determine legitimacy, scope, and potential impact to enterprise systems.
- Incident Detection: Identify indicators of compromise, malicious behavior, and suspicious activity within enterprise environments.
- Incident Response Support: Support investigation and response activities during confirmed or suspected cybersecurity incidents.
- Threat Analysis: Analyze security telemetry, logs, and alerts to determine attacker behavior, indicators of compromise, and potential attack vectors.
- Detection Engineering Support: Contribute to the development and refinement of detection rules and monitoring analytics based on investigation findings.
- Threat Hunting: Participate in proactive threat hunting activities to identify adversary behavior that may not be detected through automated monitoring.
- MSSP Escalation Review: Review and investigate alerts escalated by the MSSP after-hours monitoring team.
- Investigation Documentation: Document investigations, findings, and response actions within the SOC case management platform.
- Operational Effectiveness: Contribute to SOC process improvements by supporting automation efforts, implementing AI-assisted workflows, identifying efficiency opportunities, and helping enhance detection and response operations.
- Playbook Execution: Execute SOC operational playbooks and investigation procedures during alert triage and incident response.
- Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.
- Continuous Improvement: Identify opportunities to improve monitoring coverage, investigation processes, and detection capabilities.
- On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

Qualifications
- Minimum of 3–5 years of cybersecurity experience, with experience in security operations, threat monitoring, or incident response environments.
- Experience monitoring security alerts and investigating suspicious activity using enterprise security tools.
- Ability to analyze security alerts, logs, and telemetry to determine potential malicious activity.
- Experience working with enterprise security tools such as SIEM platforms, endpoint detection and response (EDR), and log analysis tools.
- Experience reviewing system logs, authentication activity, endpoint telemetry, and network security events.
- Understanding of basic incident response processes and investigation workflows.
- Familiarity with common attacker techniques and indicators of compromise.
- Familiarity with cybersecurity frameworks such as the NIST Cybersecurity Framework or CIS Critical Security Controls.
- Experience documenting investigations and response actions in case management platforms.

Requirements
- Able and willing to obtain a US Security Clearance.
- This role may require occasional on-call support during off-hours to respond to security incidents.
More Security Analyst Jobs
Information Security Analyst – 1-Year Contract
Numeris
Canada's most trusted and authoritative source for broadcast measurement and consumer behavior data.
• Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents.
• Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts.
• Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses.
• Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices.
• Security Awareness Training: Support and contribute to security awareness initiatives and trainings aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization.
• Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement.
• Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements.
• Lead end-to-end incident response activities, including detection, triage, containment, eradication, and post-incident analysis.
• Own and implement data protection controls for AI platforms and SaaS applications
• Design and enforce DLP policies across AI prompts, outputs, file uploads, and APIs
• Identify and mitigate AI-specific risks including prompt injection, data exfiltration, and shadow AI usage
• Build and operationalize guardrails such as data masking, prompt filtering, and response inspection
• Analyze and map data flows across AI tools to identify control points and enforce protections
• Secure integrations between AI tools and enterprise systems (APIs, plugins, third-party apps)
• Monitor AI usage and integrate signals into SIEM, DLP, and CASB platforms
• Investigate and respond to AI-related security incidents and data leakage events
• Partner with engineering to embed security controls into AI pipelines and workflows
• Support AI governance by enforcing policies and enabling secure AI adoption
Role Description

We are looking for a System & Security Analyst profile with the following experience:
- Experience in operational resilience and compliance with regulatory requirements such as DORA and GDPR in financial or regulated environments.
- Experience in vulnerability management and in the use of static security analysis across the development lifecycle, with explicit reference to the use of GitHub SAST / GitHub Advanced Security.
- Experience in secure development (Secure SDLC) and application of OWASP guidelines for secure development on .NET Core technologies.
- Experience in secrets management and secure handling of credentials in pipelines, using corporate tools and with reference to Terraform and cloud secrets services.
- Experience in auditing and continuous improvement, maintaining process documentation and activity records available for internal or external audits.
- Experience in initial assessment of technical and transition risks, including AS-IS diagnosis, transition risk matrix, and knowledge-gap analysis.
- Knowledge of AWS cloud environments and their security, resilience, and governance implications, including services such as EC2, S3, RDS, and controlled deployments with Terraform.
- Knowledge of Windows Server 2019 and Linux operating systems approved for containers, as well as base software such as IIS 10, .NET Framework / .NET Core.
- Knowledge of the client's corporate tools such as JIRA Service Management, JIRA Software, Confluence, and Xray, as well as observability and monitoring with Nagios, Control-M, Grafana, and Splunk.
- Knowledge of service continuity, DRP drills, RTO/RPO validation, and operational resilience reporting.

Qualifications
- Analytical and risk assessment ability, especially in transition phases, initial technical audit, and control of security exposure.
- Compliance and governance orientation, ensuring alignment with operational controls, corporate security, and client standards.
- Operational resilience perspective, combining security, continuity, recovery, and stability of the Back Office service.
- Documentation and traceability ability, producing evidence, technical reports, risk matrices, and architecture/process documentation.
- Cross-functional technical communication, liaising with development, operations, security, and architecture teams and the Group's international leads.
- DevSecOps mindset, integrating security within the development lifecycle rather than as an isolated activity at the end of the process.

Requirements
- Experience in asset security and access control in critical environments, applying the principle of Least Privilege and named-user access control to production.
- Experience in operational resilience and compliance with regulatory requirements such as DORA and GDPR in financial or regulated environments.
- Experience in vulnerability management and in the use of static security analysis across the development lifecycle, with explicit reference to the use of GitHub SAST / GitHub Advanced Security.
- Experience in secure development (Secure SDLC) and application of OWASP guidelines for secure development on .NET Core technologies.
- Experience in secrets management and secure handling of credentials in pipelines, using corporate tools and with reference to Terraform and cloud secrets services.
- Experience in auditing and continuous improvement, maintaining process documentation and activity records available for internal or external audits.
- Experience in initial assessment of technical and transition risks, including AS-IS diagnosis, transition risk matrix, and knowledge-gap analysis.
- Knowledge of AWS cloud environments and their security, resilience, and governance implications, including services such as EC2, S3, RDS, and controlled deployments with Terraform.
- Knowledge of Windows Server 2019 and Linux operating systems approved for containers, as well as base software such as IIS 10, .NET Framework / .NET Core.
- Knowledge of the client's corporate tools such as JIRA Service Management, JIRA Software, Confluence, and Xray, as well as observability and monitoring with Nagios, Control-M, Grafana, and Splunk.
- Knowledge of service continuity, DRP drills, RTO/RPO validation, and operational resilience reporting.

Benefits
- The work arrangement is 100% remote.
Senior Cyber Threat Intelligence & Forensics Analyst
CallTek
Your White Label Enterprise Support Company.
Role Description
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Experience: 5+ years in a dedicated SOC, IR, or Intel role (ideally within a CSIRT or MSSP).
- The Toolkit: Mastery of tools like Splunk/ELK, CrowdStrike/SentinelOne/VisionOne, Magnet AXIOM/FTK/EnCase/Autopsy, Sandbox, Volatility, and Wireshark.
- Programming: Ability to script in Python or PowerShell to automate repetitive tasks or parse forensic artifacts.
- Certifications: We value skills over paper, but GIAC (GCIH, GCFA, GCTI), CFE, CTIA or CHFI are highly preferred.
- Familiarity with incident response processes and frameworks.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent verbal and written communication skills to present complex technical information clearly.

Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- 5+ years in a dedicated SOC, IR, or Intel role (ideally within a CSIRT or MSSP).
- Mastery of tools like Splunk/ELK, CrowdStrike/SentinelOne/VisionOne, Magnet AXIOM/FTK/EnCase/Autopsy, Sandbox, Volatility, and Wireshark.
- Ability to script in Python or PowerShell.
- GIAC (GCIH, GCFA, GCTI), CFE, CTIA or CHFI certifications preferred.
- Familiarity with incident response processes and frameworks.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills.

Requirements
- 5+ years in a dedicated SOC, IR, or Intel role.
- Mastery of specified tools.
- Ability to script in Python or PowerShell.
- Preferred certifications.
- Familiarity with incident response processes.
- Strong analytical skills.
- Excellent communication skills.

Company Description