1

Tier Three Soc Analyst Jobs (NOW HIRING)

Everforth ECS is seeking a SOC Tier 2 Analyst to work in our Portland, OR office. Note: This ... Escalate complex, high-impact, evidence-sensitive, or ambiguous incidents to SOC Analyst 3, SOC ...

SOC Tier 3 Analyst

Portland, OR · On-site

$88K - $104K/yr

Everforth ECS is seeking a SOC Tier 3 Analyst to work in our Portland, OR office. Note: This position is contingent upon contract award. The SOC Analyst 3 supports the organization's security ...

Evolver is seeking a SOC Analyst (Tier 3) to join our growing team in support of a large Security Operations program with our Federal client located in Leesburg, VA. The ideal candidate will have ...

SOC Analyst (Tier 3)

Leesburg, VA · On-site

$115K - $130K/yr

Evolver is seeking a SOC Analyst (Tier 3) to join our growing team in support of a large Security Operations program with our Federal client located in Leesburg, VA. The ideal candidate will have ...

Evolver is seeking a SOC Analyst (Tier 3) to join our growing team in support of a large Security Operations program with our Federal client located in Leesburg, VA. The ideal candidate will have ...

SOC Analyst (Tier 3)

Leesburg, VA · On-site

$115K - $130K/yr

Evolver is seeking a SOC Analyst (Tier 3) to join our growing team in support of a large Security Operations program with our Federal client located in Leesburg, VA. The ideal candidate will have ...

Everforth ECS is seeking a SOC Tier 1 Analyst to work in our Portland, OR office. Note: This ... Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC ...

next page

Showing results 1-20

Tier Three Soc Analyst information

See salary details

$35.5K

$99.2K

$127K

How much do tier three soc analyst jobs pay per year?

As of Jul 13, 2026, the average yearly pay for tier three soc analyst in the United States is $99,157.00, according to ZipRecruiter salary data. Most workers in this role earn between $72,000.00 and $126,500.00 per year, depending on experience, location, and employer.

What is the difference between Tier Three Soc Analyst vs Tier Two Soc Analyst?

AspectTier Three Soc AnalystTier Two Soc Analyst
CertificationsSecurity+, CISSP, CEHSecurity+, CySA+, GSEC
Work EnvironmentAdvanced incident response, threat hunting, complex analysisMonitoring, initial incident triage, escalation
ResponsibilitiesHandling sophisticated threats, root cause analysis, threat huntingMonitoring alerts, initial investigation, escalation

The main difference between a Tier Three Soc Analyst and a Tier Two Soc Analyst lies in the complexity of tasks and experience level. Tier Three analysts handle advanced threat detection and incident response, often performing threat hunting and root cause analysis. In contrast, Tier Two analysts focus on monitoring alerts, initial investigations, and escalating issues. Both roles require security certifications, but Tier Three analysts typically possess more advanced credentials and experience.

More about Tier Three Soc Analyst jobs
What cities are hiring for Tier Three Soc Analyst jobs? Cities with the most Tier Three Soc Analyst job openings:
What states have the most Tier Three Soc Analyst jobs? States with the most job openings for Tier Three Soc Analyst jobs include:
What job categories do people searching Tier Three Soc Analyst jobs look for? The top searched job categories for Tier Three Soc Analyst jobs are:
Infographic showing various Tier Three Soc Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $99,157 per year, or $47.7 per hour.
SOC Tier 2 Analyst

SOC Tier 2 Analyst

ECS

Portland, OR • On-site

Full-time

Re-posted 24 days ago


Job description

Everforth ECS is seeking a SOC Tier 2 Analyst to work in our Portland, OR office. Note: This position is contingent upon contract award.
The SOC Analyst 2 supports the organization's security operations by conducting deeper investigation of escalated alerts, correlating security telemetry, supporting incident response activities, and preparing incident summaries and recommendations. This role is the mid-level investigation and response-support tier within the SOC Analyst role family.
The ideal candidate has hands-on SOC or security operations experience, understands common attack techniques and defensive technologies, and can independently investigate security events while coordinating with SOC Analyst 1, SOC Analyst 3, threat intelligence, threat hunting, forensics, engineering, and business stakeholders.
This role involves shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.
Key Responsibilities
Escalated Alert Investigation & Correlation
  • Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate severity, scope, potential impact, and required response actions.
  • Analyze suspicious activity, indicators of compromise, anomalous behavior, and policy violations using logs, endpoint telemetry, network data, identity data, cloud events, and other evidence.
  • Correlate evidence across security platforms to identify affected assets, affected accounts, attack paths, timeline of activity, and potential business or mission impact.
  • Map observed behaviors to applicable frameworks and threat models such as MITRE ATT&CK when useful for investigation, reporting, or detection improvement.

Incident Response & Coordination Support
  • Support containment, eradication, and recovery activities for standard or moderate incidents in alignment with incident response plans and approved playbooks.
  • Coordinate with system owners, security engineers, senior analysts, and other technical teams to gather evidence, validate impact, and support response actions.
  • Escalate complex, high-impact, evidence-sensitive, or ambiguous incidents to SOC Analyst 3, SOC leadership, Forensics, Threat Hunter, Threat Intelligence Analyst, or other specialized roles as appropriate.
  • Maintain accurate incident status, action tracking, and communications during investigation and response activities.

Detection, Tuning & Process Improvement Input
  • Analyze recurring alerts, false positives, attack patterns, threat intelligence, vulnerabilities, and emerging tactics to identify opportunities to improve detection and response.
  • Recommend updates to correlation rules, alert logic, dashboards, use cases, response playbooks, and triage procedures based on investigation outcomes.
  • Operationalize threat intelligence in triage and investigation workflows by applying relevant indicators, adversary behaviors, vulnerabilities, and contextual reporting.
  • Provide operational requirements and validation feedback to SOC Analyst 3, SOC Threat Hunter, Senior Splunk Engineer, Splunk Architect/Lead, Security Engineer, and SOC Technical Writer as appropriate.

Reporting & Documentation
  • Document investigation activities, evidence, decisions, response actions, and outcomes clearly and accurately.
  • Prepare incident summaries, ticket updates, timelines, shift handoff notes, and supporting information for after-action documentation.
  • Communicate technical findings in clear operational, business, and risk language for SOC leadership and affected stakeholders.
  • Provide evidence summaries and analysis notes that can be used by Forensics or specialized teams when deeper analysis is required.

Mentorship & Continuous Improvement
  • Provide escalation guidance, quality feedback, and informal mentoring to SOC Analyst 1 personnel.
  • Participate in lessons-learned activities, tabletop exercises, detection reviews, and SOC process improvement efforts.
  • Stay current with evolving cyber threats, vulnerabilities, detection techniques, and security operations best practices.
  • Contribute to continuous improvement of SOC workflows, investigation checklists, documentation practices, and escalation procedures.

  • U.S. Citizenship with ability to obtain and maintain a DOE "L" clearance after start.
  • 3-5 years of experience in SOC operations, incident response, security monitoring, threat monitoring, or related technical cybersecurity roles.
  • Experience triaging escalated alerts and investigating security events using SIEM, EDR, ticketing, case management, and log analysis tools.
  • Intermediate knowledge of Windows, Linux, networking, cloud, identity, endpoint, and application security concepts.
  • Working knowledge of common attack techniques, incident response lifecycle activities, escalation procedures, playbooks, and evidence-handling practices.
  • Ability to correlate evidence across multiple tools, develop incident timelines, and determine recommended response actions.
  • Strong analytical, written documentation, communication, and collaboration skills, including the ability to guide SOC Analyst 1 personnel.