Job Requirements
Fairfax, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
ECS is seeking a Tier 2 Cyber Threat Analyst (CTA) to work in our Fairfax, VA office.
Job Description:
ECS is seeking a Tier 2 Cyber Threat Analyst (CTA) to support a robust Cybersecurity Program in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE), each with a unique set of data, applications, and information systems that aid in their development of Artificial Intelligence / Machine Learning (AI/ML) algorithms. The Tier 2 CTA executes operational cybersecurity processes that mitigate risk; ensure continuity of operations; and protect assets from loss, destruction, misuse, alteration, and unauthorized access / disclosure.
This position is a demanding, high-energy role that requires innovative ideas for cyber solutioning. The ideal candidate has a blend of technical abilities (e.g., networking, intrusion detection, OS knowledge, scripting, cloud security), essential soft skills (e.g., analytical thinking, problem-solving, clear communication), and the intellectual curiosity critical for analyzing threats, managing incidents, assessing risks, and protecting assets from evolving cyber threats. The Tier 2 CTA reports to the SOC Manager and collaborates closely with CTAs at other tiers to secure and protect MPEs and related development initiatives.
Responsibilities
- Perform security event triage, investigation, and incident response.
- Monitor, detect, and analyze security threats, risks, and alerts using SOC tools; determine scope, severity, and impact.
- Conduct advanced threat hunting, malware analysis, and investigation of Indicators of Compromise (IOCs).
- Coordinate incident response activities: support containment, eradication, and recovery actions for cybersecurity incidents.
- Perform digital forensic analysis and preserve evidence following chain-of-custody procedures.
- Develop and tune SIEM correlation rules, detection logic, dashboards, and reports.
- Support ransomware, insider threat, phishing, DDoS, and data breach investigations.
- Collaborate with IT Security personnel to factor security into IT asset evaluation, selection, installation and configuration.
- Collaborate with Security Engineering teams to develop and implement controls in alignment with security policies and legal, regulatory, and compliance requirements.
- Produce incident reports, forensic reports, weekly SOC reports, and final incident documentation.
- Participate in cyber exercises, tabletop exercises, and after-action reviews.
- Develop and maintain incident response SLAs for alert triage, containment, reporting, and recovery validation.
- Develop scripts and automation to improve SOC efficiency.
- Develop and maintain incident response playbooks, SOPs, and workflows.
- Research and evaluate innovative analytical techniques and capabilities for integration into a managed security offering.
- Provide technical oversight and direction to Tier 1 CTAs.
- Provide on-call escalation support during non-business hours as needed.
Required Skills
- U.S. Citizen.
- Active Secret security clearance, with the ability to obtain a Top Secret security clearance.
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related STEM (Science, Technology, Engineering and Mathematics) discipline.
- 5+ years of experience in cybersecurity operations, incident response, and/or cyber threat analysis, including 2+ years working in a SOC environment.
- DoD 8140 IAT Level 2 certification (CompTIA Security+, CySA+, GSEC, SSCP).
- Expert-level experience with SOC operations, incident detection, and response workflows.
- Tactical experience with Splunk Enterprise Security.
- Advanced understanding of TCP/IP, network fundamentals, network security, NetFlow, and associated tools.
- Advanced knowledge of malware analysis, network forensics, and packet-level inspection.
- Ability to assume full ownership and accountability for tasks and deadlines, work with limited supervision, and commit to high quality results and deliverables.
- Exceptional analytical, problem-solving, and communication skills.
- Strong decision-making ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
- Advanced proficiency with Microsoft Office tools and O365, including Word, Excel, PowerPoint, Teams, Outlook, and SharePoint.
- Active Top Secret security clearance.
- Master's degree in a STEM discipline.
- DoD 8140 IAT Level 3 certification (CISSP, CASP+ CE, CCNP Security, CISA, GCED, GCIH).
- Prior experience with DoD environments and components/organizations.
- Previous SOC experience.
- Hands-on experience with SIEM or SOAR platforms, IDS/IPS, and endpoint monitoring tools.
- Familiarity with the NIST Cybersecurity Framework and Risk Management Framework (RMF).
- Experience developing and maturing SOC playbooks, processes, and detection capabilities.
- Experience managing AI agents or queries in a SOC environment.
- Hands-on experience with Atlassian's Jira and Confluence.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Meet the challenge. Make a difference with Everforth ECS!
group id: 10112231A