Cyber Threat Analyst 3

ECS is seeking a Cyber Threat Analyst 3 to work in our Fairfax, VA office.

Job Description:

ECS is a leading managed cybersecurity services provider, ECS delivers a highly tailored and customized offering to each customer. Our team is responsible for protecting the ECS corporate and customer networks. Our mission is broad, and our team is agile. We will leverage your unique skills to help solve customers’ challenges, such as engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range security topics. You are empowered to engage and lead across multiple groups and must have the self-sufficiency and focus to work well without constant oversight.

Our Tier 3 SOC Analysts are responsible for investigating threats targeting ECS’ internal network and commercial customers. They support the commercial cybersecurity program during core and non-core business hours.

Responsibilities:

• Lead incident response efforts, including forensic triage and detailed technical reporting.
• Mentor and act as an escalation point for junior SOC analysts.
• Develop and implement custom detections aligned with the MITRE ATT&CK Framework.
• Conduct threat hunting and perform data analytics to identify and mitigate unseen threats.
• Tune and configure security tools to minimize false positives.
• Analyze and correlate logs from various sources to create comprehensive incident timelines.
• Facilitate threat remediation efforts by collaborating with IT teams and end users.
• Serve as a subject matter expert for security tools, applications, and processes.
• Support the investigation of large- and small-scale cyber breaches.
• Communicate cyber events to internal and external stakeholders.
• Provide customers with incident response support, including mitigating actions to contain activity and facilitate forensics analysis when necessary. Document formal, technical incident reports.

Required Skills:

• 5+ years of SOC or cybersecurity-related experience, with at least 3+ years of experience with a SIEM tool.
• U.S. citizenship and ability to obtain a SECRET Government Security Clearance.
• Bachelor’s degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
• Deep technical understanding of modern cybersecurity threats and the ability to quickly learn new cybersecurity concepts.
• Prior experience working as an analyst in a Security Operations Center (SOC).
• Extensive experience with EDR, SIEM, SOAR, and ticketing technologies, particularly Elastic, Splunk, Trellix, MS Sentinel/Defender, and Crowdstrike Falcon.
• Knowledge of threat actor tactics, techniques, and procedures (TTPs).
• Proficient in analyzing logs such as firewall, network traffic, IIS, Antivirus, and DNS.
• Deep understanding of incident response processes, including forensic triage, determining scope, urgency, and potential impact of incidents.
• Ability to support ad hoc scripting in any language, with experience using Python or PowerShell.
• Ability to correlate events from multiple sources to create a timeline analysis.
• Strong ability to organize case notes and communicate verbally and in writing to clients. Capable of preparing detailed technical reports.
• Experience creating custom detections aligned with the MITRE ATT&CK Framework.
• Experience in hunting for new threats and performing data analytics to identify unseen activities within the environment.
• Ability to facilitate remediation of threats by collaborating with other IT teams or end users.
• Acts as a mentor and escalation point for SOC Analysts.
• Skill in tuning security tool configurations to minimize false positives.
• Serve as a subject matter expert for security tools, applications, and processes.

Desired Skills:

• Prior experience working as an analyst in a Security Operations Center (SOC).
• Prior experience working EDR, SIEM, SOAR, and ticketing technologies.
• Knowledge of threat actor tactics, techniques, and procedures (TTPs).
• Ability to support ad hoc scripting in any language.
• Possess an industry-rec•  Knowledge of common forensic artifacts analyzed during incidents to determine attack vectors, lateral movement, and data exfiltration.
• Knowledge of digital forensics tactics, tools, and techniques to assist in incident resolution.
• Experience following and helping create Incident Response procedures and playbooks.
• Deep understanding of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles.
• Possess an industry-recognized entry-level certification (e.g., A+, Net+, Sec+, GSEC, etc.). Advanced certifications like CISSP, CISM, or GIAC are highly desirable.
• Experience with technologies such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, and Container Security.
• Understanding of the MITRE ATT&CK framework and ability to create detections based on analysis of attacker tools and techniques.
• Ability to prepare and present detailed technical reports and documentation.
• Self-starter, collaborative, dependable, and driven personality with the ability to balance multiple priorities and meet deadlines.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.