1

Soc Tier 1 Jobs (NOW HIRING)

Everforth ECS is seeking a SOC Tier 1 Analyst to work in our Portland, OR office. Note: This position is contingent upon contract award. The SOC Analyst 1 supports the organization's security ...

Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions * Coordinating staff schedules and resolving scheduling gaps in coverage. * Stay current with and remain ...

Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions * Coordinating staff schedules and resolving scheduling gaps in coverage. * Stay current with and remain ...

Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions * Coordinating staff schedules and resolving scheduling gaps in coverage. * Stay current with and remain ...

Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions * Coordinating staff schedules and resolving scheduling gaps in coverage. * Stay current with and remain ...

SOC Tier 3 Analyst

Portland, OR · On-site

$88K - $104K/yr

Review and resolve escalated findings from SOC Analyst 1 and SOC Analyst 2, including disputed ... tier analysts.

Provide teaching / mentoring to SOC Tier 1/2/3 Analysts, including incident response functions * Coordinating staff schedules and resolving scheduling gaps in coverage. * Stay current with and remain ...

Everforth ECS is seeking a SOC Tier 2 Analyst to work in our Portland, OR office. Note: This ... Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate ...

next page

Showing results 1-20

Soc Tier 1 information

See salary details

$11

$31

$72

How much do soc tier 1 jobs pay per hour?

As of Jul 19, 2026, the average hourly pay for soc tier 1 in the United States is $31.61, according to ZipRecruiter salary data. Most workers in this role earn between $19.95 and $37.74 per hour, depending on experience, location, and employer.

What is the difference between Soc Tier 1 vs Soc Tier 2?

AspectSoc Tier 1Soc Tier 2
CertificationsCompTIA Security+, Network+CompTIA Security+, Network+
Work EnvironmentEntry-level, monitoring security alertsMid-level, analyzing security incidents
Employer UsageCommon in security operations centers (SOCs)Often in larger organizations or teams

Soc Tier 1 professionals focus on monitoring and initial incident response, while Soc Tier 2 staff handle deeper analysis and troubleshooting. The roles are distinct but complementary within security teams, with Tier 2 requiring more experience and technical skills.

How does a SOC Tier 1 analyst typically collaborate with higher-tier analysts and other IT teams during a security incident?

As a SOC Tier 1 analyst, you'll be the first line of defense, responsible for monitoring security alerts and identifying potential threats. When a suspicious activity is detected, you'll follow established escalation protocols to collect relevant information and communicate your findings to Tier 2 or Tier 3 analysts, who perform deeper investigations. You'll also frequently coordinate with IT support or network teams to gather additional context or implement immediate containment measures. Effective communication and accurate documentation are essential, as your initial analysis often sets the stage for how incidents are handled and resolved.

What are the key skills and qualifications needed to thrive as a SOC Tier 1 Analyst, and why are they important?

To thrive as a SOC Tier 1 Analyst, you need foundational knowledge of cybersecurity principles, incident response processes, and typically a degree in computer science or a related field. Familiarity with security information and event management (SIEM) tools, intrusion detection systems (IDS), and relevant certifications like CompTIA Security+ or Cisco CCNA Cyber Ops is important. Attention to detail, critical thinking, and effective communication are crucial soft skills for identifying, escalating, and documenting security incidents. These skills ensure prompt detection and escalation of threats, helping protect organizational assets and maintain security posture.

What are SOC Tier 1 analysts?

SOC Tier 1 analysts are entry-level cybersecurity professionals who monitor and analyze security events within a Security Operations Center (SOC). Their main responsibilities include reviewing alerts from security tools, identifying possible threats, and escalating incidents to higher-tier analysts when necessary. They act as the first line of defense against cyber threats, ensuring that potential security issues are detected early and responded to promptly. Tier 1 analysts also document their findings and help maintain the overall security posture of an organization.
More about Soc Tier 1 jobs
What cities are hiring for Soc Tier 1 jobs? Cities with the most Soc Tier 1 job openings:
What states have the most Soc Tier 1 jobs? States with the most job openings for Soc Tier 1 jobs include:
Infographic showing various Soc Tier 1 job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 70% Full Time, 22% Part Time, 1% Temporary, and 6% Contract. Highlights an 93% Physical, 1% Hybrid, and 6% Remote job distribution, with an average salary of $65,757 per year, or $31.6 per hour.
SOC Tier 1 Analyst

SOC Tier 1 Analyst

ECS

Portland, OR • On-site

Full-time

Re-posted 12 hours ago


Job description

Everforth ECS is seeking a SOC Tier 1 Analyst to work in our Portland, OR office. Note: This position is contingent upon contract award.
The SOC Analyst 1 supports the organization's security operations by monitoring security events, performing first-level alert triage, validating suspicious activity, documenting tickets, and escalating confirmed or higher-risk events using approved runbooks and procedures. This role is the initial monitoring and triage tier within the SOC Analyst role family.
The ideal candidate has foundational cybersecurity or IT operations experience, understands basic security concepts and defensive technologies, and can follow established procedures while communicating clearly with SOC Analyst 2, SOC Analyst 3, incident response, engineering, and other program stakeholders.
This role involves shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.
Key Responsibilities
Security Monitoring & Initial Alert Triage
  • Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
  • Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
  • Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
  • Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.

Ticketing, Documentation & Shift Handoff
  • Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
  • Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
  • Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
  • Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.

Incident Response Support
  • Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
  • Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
  • Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
  • Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.

Tool Use & Procedure Adherence
  • Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
  • Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
  • Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
  • Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.

Continuous Learning
  • Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
  • Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
  • Contribute operational observations and recurring alert patterns to process improvement discussions.

  • U.S. Citizenship with ability to obtain and maintain a DOE "L" clearance after start.
  • 1-3 years of experience in cybersecurity, IT operations, help desk, networking, systems administration, or SOC monitoring.
  • Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
  • Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
  • Ability to follow runbooks, validate alerts, document findings, and escalate issues accurately and promptly.
  • Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
  • Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.