
Cyber Threat Analyst (Tier 3)

ECS.com

Office

FAIRFAX, VA, United States

Full Time

ECS is seeking a Cyber Threat Analyst (Tier 3) to work in a hybrid onsite/remote capacity at ECS corporate offices located in Fairfax, VA.

The Role:

ECS is seeking a Cyber Threat Analyst (Tier 3) to lead advanced detection and response activities within an enterprise Security Operations Center (SOC). The ideal candidate is a critical thinker and lifelong learner with deep technical expertise, proven leadership abilities, and the drive to tackle complex cybersecurity challenges. This role combines hands-on technical analysis with process ownership, mentoring, and collaboration across engineering, infrastructure, and threat intelligence teams.

You will play a key role in strengthening SOC operations – shaping processes, refining detection capabilities, and guiding junior analysts – while responding to high-impact incidents that matter to our customers and key stakeholders.

Your Responsibilities:

Threat Monitoring & Detection:

  • Continuously monitor SIEM platforms, endpoint detection tools, and cloud/on-premises infrastructure for anomalies and indicators of compromise.
  • Conduct intrusion detection using IDS/IPS, firewalls, and host-based security systems.
  • Correlate data across network, endpoint, and cloud environments to detect unauthorized activity.
  • Integrate intelligence from trusted sources (e.g., US-CERT, MS-ISAC, commercial feeds) into monitoring strategies.

Incident Response & Investigation:

  • Lead the full incident lifecycle: detection, containment, eradication, recovery, and post-incident review.
  • Ensure accurate documentation, tracking, and reporting of all incidents.
  • Conduct forensic and log-based analysis to determine scope and root cause.
  • Provide mitigation guidance and coordinate forensics support where required.
  • Drive lessons-learned sessions and implement improvements.

SOC Operations & Process Management:

  • Own the execution of daily SOC workflows and operational checklists.
  • Develop, maintain, and refine SOPs, incident playbooks, and run books.
  • Recommend and implement process and policy changes to improve governance, compliance, and efficiency.
  • Evaluate CVEs and recommend mitigation strategies.
  • Optimize SIEM and SOAR workflows for better visibility and faster response.

Collaboration & Leadership:

  • Partner with security engineering, infrastructure, and threat intelligence teams to align technologies and policies.
  • Oversee and validate threat-hunting initiatives.
  • Mentor and train SOC analysts to enhance detection, triage, and investigation skills.
  • Keep executives and stakeholders informed of significant incidents and trends.

Reporting & Continuous Improvement:

  • Produce incident reports, dashboards, and SOC performance metrics for leadership and clients.
  • Research emerging threats, vulnerabilities, and attack methods to improve detection capabilities.
  • Evaluate and integrate new tools and techniques to close capability gaps and advance SOC maturity.

Other duties as assigned.

Qualifications:

  • U.S. Citizen.
  • Active DoD Secret security clearance, with the ability to obtain / maintain a DoD Top Secret security clearance.
  • Bachelor's or Master's degree in Cybersecurity; Information Security; Computer Science; or similar Science, Technology, Engineering and Mathematics (STEM) discipline (significant, relevant experience may substitute).
  • Active DoD 8140 IAT Level II / III certification (e.g., Security+, CSSP).
  • 7+ years in cybersecurity operations and incident response, to include 3+ years in a SOC environment, as well as 2+ years in a leadership role.

Technical Expertise:

  • Proven hands-on experience with SIEM and EDR tools, and SOAR platforms.
  • Strong knowledge of IDS/IPS, malware analysis, endpoint security, and vulnerability management (e.g., Tenable).
  • Demonstrated ability to analyze and triage Indicators of Compromise (IoCs).
  • Experience with two or more common CIRT or investigative analysis tools.
  • Understanding of computer/network fundamentals, including OS, protocols, and encryption.

Operational & Analytical Skills:

  • Advanced Splunk experience, including dashboard creation and reporting.
  • Skilled at triaging detections across SIEM, IDS/IPS, endpoint, and other security technologies.
  • Strong decision-making and problem-solving skills with the ability to weigh risks, costs, and benefits.
  • Ability to conduct in-depth research and produce actionable assessments and predictive insights.

Leadership & Communication:

  • Experience mentoring and developing junior SOC analysts.
  • Ability to translate complex technical topics to non-technical stakeholders.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
  • Proven ability to remain calm, decisive, and methodical under pressure.
  • Commitment to ethics, compliance, and organizational values.


September 30, 2025
