Government Program Analyst Jobs in Oregon (NOW HIRING)

Job Summary:
Everforth ECS is a global organization specializing in advanced technology solutions including cybersecurity. They are seeking a SOC Tier 2 Analyst to support security operations by investigating escalated alerts, coordinating incident responses, and improving detection processes.
Responsibilities:
• Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate severity, scope, potential impact, and required response actions.
• Analyze suspicious activity, indicators of compromise, anomalous behavior, and policy violations using logs, endpoint telemetry, network data, identity data, cloud events, and other evidence.
• Correlate evidence across security platforms to identify affected assets, affected accounts, attack paths, timeline of activity, and potential business or mission impact.
• Map observed behaviors to applicable frameworks and threat models such as MITRE ATT&CK when useful for investigation, reporting, or detection improvement.
• Support containment, eradication, and recovery activities for standard or moderate incidents in alignment with incident response plans and approved playbooks.
• Coordinate with system owners, security engineers, senior analysts, and other technical teams to gather evidence, validate impact, and support response actions.
• Escalate complex, high-impact, evidence-sensitive, or ambiguous incidents to SOC Analyst 3, SOC leadership, Forensics, Threat Hunter, Threat Intelligence Analyst, or other specialized roles as appropriate.
• Maintain accurate incident status, action tracking, and communications during investigation and response activities.
• Analyze recurring alerts, false positives, attack patterns, threat intelligence, vulnerabilities, and emerging tactics to identify opportunities to improve detection and response.
• Recommend updates to correlation rules, alert logic, dashboards, use cases, response playbooks, and triage procedures based on investigation outcomes.
• Operationalize threat intelligence in triage and investigation workflows by applying relevant indicators, adversary behaviors, vulnerabilities, and contextual reporting.
• Provide operational requirements and validation feedback to SOC Analyst 3, SOC Threat Hunter, Senior Splunk Engineer, Splunk Architect/Lead, Security Engineer, and SOC Technical Writer as appropriate.
• Document investigation activities, evidence, decisions, response actions, and outcomes clearly and accurately.
• Prepare incident summaries, ticket updates, timelines, shift handoff notes, and supporting information for after-action documentation.
• Communicate technical findings in clear operational, business, and risk language for SOC leadership and affected stakeholders.
• Provide evidence summaries and analysis notes that can be used by Forensics or specialized teams when deeper analysis is required.
• Provide escalation guidance, quality feedback, and informal mentoring to SOC Analyst 1 personnel.
• Participate in lessons-learned activities, tabletop exercises, detection reviews, and SOC process improvement efforts.
• Stay current with evolving cyber threats, vulnerabilities, detection techniques, and security operations best practices.
• Contribute to continuous improvement of SOC workflows, investigation checklists, documentation practices, and escalation procedures.
Qualifications:
Required:
• U.S. Citizenship with ability to obtain and maintain a DOE “L” clearance after start.
• 3-5 years of experience in SOC operations, incident response, security monitoring, threat monitoring, or related technical cybersecurity roles.
• Experience triaging escalated alerts and investigating security events using SIEM, EDR, ticketing, case management, and log analysis tools.
• Intermediate knowledge of Windows, Linux, networking, cloud, identity, endpoint, and application security concepts.
• Working knowledge of common attack techniques, incident response lifecycle activities, escalation procedures, playbooks, and evidence-handling practices.
• Ability to correlate evidence across multiple tools, develop incident timelines, and determine recommended response actions.
• Strong analytical, written documentation, communication, and collaboration skills, including the ability to guide SOC Analyst 1 personnel.
Preferred:
• Experience working in a 24x7 SOC, managed security operations environment, government program, or regulated organization.
• Familiarity with frameworks and guidance such as MITRE ATT&CK, NIST CSF, NIST SP 800-61, CIS Controls, or Cyber Kill Chain.
• Experience with tools such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, SOAR platforms, or similar technologies.
• Certifications such as Security+, CySA+, GCIH, GCIA, CEH, SSCP, or equivalent experience.
• Experience contributing to detection tuning recommendations, response playbook updates, tabletop exercises, or lessons-learned activities.
• Experience coordinating with threat intelligence, threat hunting, forensics, Splunk engineering, security engineering, or incident response teams.
Company:
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Founded in 2001, the company is headquartered in Fairfax, USA, with a team of 1001-5000 employees. The company is currently Late Stage.