[Hiring] Senior SOC Analyst @ECS Tech Inc

Role Description

The Senior SOC Analyst is responsible for advanced security monitoring, investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role serves as a senior technical resource within the analyst team, responsible for leading complex investigations, mentoring junior analysts, and ensuring high-quality incident analysis across enterprise environments. The Senior SOC Analyst plays a critical role in identifying sophisticated threats, escalating security incidents, and improving SOC investigative capabilities.

This role reports to the SOC Manager and works closely with the Security Engineering team, enterprise IT operations teams, and the Everforth Commercial MSSP to ensure effective monitoring, investigation, and response across the enterprise.

Responsibilities

• Advanced Threat Investigation: Conduct in-depth analysis of complex security alerts, anomalies, and potential threat activity across enterprise environments.
• Incident Response Support: Lead investigation and response activities for confirmed or suspected cybersecurity incidents affecting enterprise systems.
• Alert Triage and Escalation: Perform detailed triage of security alerts and escalate validated incidents according to established procedures.
• Investigation Leadership: Serve as the lead analyst during significant investigations, coordinating investigative efforts and guiding response activities.
• Threat Analysis: Analyze indicators of compromise, attacker behavior, and malicious artifacts to determine the scope and impact of security incidents.
• Detection Engineering: Develop and refine detection logic, analytics, and monitoring use cases based on investigative findings and threat intelligence.
• Threat Hunting: Conduct proactive threat hunting activities to identify adversary behavior not detected through automated alerts.
• MSSP Escalation Handling: Review and validate alerts and escalations originating from the MSSP after-hours monitoring team.
• Investigation Documentation: Ensure thorough documentation of investigations, findings, and response actions within the SOC case management platform.
• Operational Quality Assurance: Support the SOC Manager in maintaining investigation quality and adherence to SOC playbooks and procedures.
• Operational Effectiveness: Lead the design and implementation of SOC process improvements through automation, AI-driven solutions, workflow optimization, and continuous enhancement of detection and response capabilities.
• Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.
• Knowledge Sharing: Mentor junior SOC analysts and provide guidance on investigative techniques, threat analysis, and incident handling procedures.
• Situational Awareness: Maintain awareness of emerging threats, attacker tactics, techniques, and procedures relevant to enterprise environments.
• Playbook Execution: Execute established SOC investigation playbooks and contribute to the refinement of operational procedures.
• On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

Qualifications

• Experience: Minimum of 5 years of cybersecurity experience, with at least 3 years in a Security Operations Center or incident response role.
• Security Investigation Expertise: Strong experience investigating security alerts, analyzing suspicious activity, and determining the scope and impact of security incidents.
• Incident Response Experience: Hands-on experience supporting incident response investigations including containment, eradication, and recovery coordination.
• Security Technology Experience: Experience working with enterprise security tools such as SIEM platforms, EDR platforms, and log analysis systems.
• Threat Analysis Skills: Ability to analyze indicators of compromise, attacker behaviors, and adversary techniques during investigations.
• Log Analysis Expertise: Strong experience reviewing and interpreting system logs, endpoint telemetry, network events, and authentication activity.
• Detection Engineering Experience: Experience developing or tuning detection rules, analytics, or monitoring logic used to identify malicious activity.
• Security Framework Knowledge: Familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework or CIS Critical Security Controls.
• Investigation Documentation: Experience documenting investigations, incidents, and response actions within case management platforms.

Requirements

• Able and willing to obtain a US Security Clearance.
• This role may require occasional on-call support during off-hours to respond to security incidents.