Note: The job is a remote job and is open to candidates in USA. ECS is seeking a SOC Analyst IV to join a premier cybersecurity program supporting a major federal civilian agency. The role involves providing Tier III support, leading complex investigations, mentoring junior analysts, and contributing to the continuous improvement of the SOC's capabilities.
Responsibilities
- Provide Tier III support for SIEM alert triage, forensic analysis, and escalation, handling the most complex and high-priority security events within the SOC environment
- Maintain situational awareness across all SOC tools and telemetry sources, ensuring continuous visibility into the agency's security posture
- Lead shift handovers with clear, thorough documentation, ensuring seamless operational continuity across all SOC shifts
- Contribute to the development, review, and ongoing improvement of standard operating procedures (SOPs) and incident response playbooks to ensure they remain current, accurate, and operationally effective
- Support Red Team and Purple Team exercises to validate detection coverage, improve response procedures, and identify gaps in the SOC's defensive capabilities
- Apply the MITRE ATT&CK framework to map adversary tactics, techniques, and procedures (TTPs) during investigations, turning fragmented alerts into clear and actionable threat narratives
- Conduct in-depth forensic analysis of endpoint, network, and cloud telemetry to support incident investigations and root cause analysis activities
- Support and contribute to the four phases of the NIST SP 800-61 incident response lifecycle, Preparation, Detection and Analysis, Containment/Eradication/Recovery, and Post-Incident Activity, ensuring thorough documentation and stakeholder communication at each stage
- Mentor and provide technical guidance to Tier I and Tier II SOC analysts, supporting their professional development and improving overall team capability
- Collaborate with threat hunting, CTI, and security engineering teams to operationalize new detection logic and ensure the SOC benefits from the latest intelligence
- Produce high-quality incident reports, shift logs, and technical documentation for both technical teams and senior government officials
- Contribute to detection engineering and automation initiatives to reduce manual workload and improve analyst efficiency across the SOC
Skills
- Experience in cybersecurity, specifically in a Security Operations Center (SOC) environment
- Proficiency in Tier III support for SIEM alert triage, forensic analysis, and escalation
- Ability to handle complex and high-priority security events
- Experience with developing, reviewing, and improving standard operating procedures (SOPs) and incident response playbooks
- Familiarity with the MITRE ATT&CK framework
- Experience conducting in-depth forensic analysis of endpoint, network, and cloud telemetry
- Knowledge of the NIST SP 800-61 incident response lifecycle
- Ability to mentor and provide technical guidance to junior SOC analysts
- Experience collaborating with threat hunting, CTI, and security engineering teams
- Strong documentation skills for incident reports, shift logs, and technical documentation
Company Overview