Soc Analyst Tier One Jobs (NOW HIRING)

Job Summary:
ECS is a $4B global organization specializing in advanced technology solutions in data and AI, cybersecurity, and enterprise transformation. They are seeking a SOC Tier 1 Analyst to support security operations by monitoring security events, performing first-level alert triage, and escalating confirmed incidents as necessary.
Responsibilities:
• Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
• Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
• Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
• Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.
• Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
• Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
• Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
• Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.
• Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
• Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
• Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
• Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.
• Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
• Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
• Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
• Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.
• Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
• Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
• Contribute operational observations and recurring alert patterns to process improvement discussions.
Qualifications:
Required:
• U.S. Citizenship with ability to obtain and maintain a DOE “L” clearance after start.
• 1-3 years of experience in cybersecurity, IT operations, help desk, networking, systems administration, or SOC monitoring.
• Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
• Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
• Ability to follow runbooks, validate alerts, document findings, and escalate issues accurately and promptly.
• Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
• Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.
Preferred:
• Experience working in a 24x7 SOC, managed security operations environment, government program, or regulated organization.
• Familiarity with frameworks and guidance such as MITRE ATT&CK, NIST CSF, NIST SP 800-61, CIS Controls, or Cyber Kill Chain.
• Experience with tools such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, SOAR platforms, or similar technologies.
• Certifications such as Security+, Network+, CySA+ (in progress), CEH (in progress), or equivalent experience.
• Experience with phishing triage, malware alert validation, endpoint alerts, user behavior alerts, or network security monitoring.
• Exposure to SOC playbooks, escalation workflows, and operational reporting expectations.
Company:
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Founded in 2001, the company is headquartered in Fairfax, USA, with a team of 1001-5000 employees. The company is currently Late Stage.