user avatar

SOC Analyst IV

ECS

Posted today

Job Requirements

VA
Public Trust Polygraph Unspecified
Career Level not specified
$120,000 - $140,000

Job Description

Job Description
Everforth ECS is seeking a SOC Analyst IV who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency.

Please Note: This position is contingent upon contract award.

Salary Range: $120,000 - $140,000

This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a senior technical contributor on this program, you will drive the protection of highly sensitive, national-level financial, and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.

As a SOC Analyst IV, you will operate at the Tier III level, serving as one of the most technically advanced analysts on the team and a cornerstone of the SOC's detection, triage, and response capability. Working alongside the SOC Manager, threat hunting teams, and security engineers, you will lead the most complex investigations, mentor junior analysts, and contribute directly to the continuous improvement of the SOC's playbooks, detection logic, and operational procedures. When the most sophisticated threats emerge, you will be the analyst the team turns to for deep technical expertise, sound judgment, and decisive action.

Position Responsibilities:
  • Provide Tier III support for SIEM alert triage, forensic analysis, and escalation, handling the most complex and high-priority security events within the SOC environment.
  • Maintain situational awareness across all SOC tools and telemetry sources, ensuring continuous visibility into the agency's security posture.
  • Lead shift handovers with clear, thorough documentation, ensuring seamless operational continuity across all SOC shifts.
  • Contribute to the development, review, and ongoing improvement of standard operating procedures (SOPs) and incident response playbooks to ensure they remain current, accurate, and operationally effective.
  • Support Red Team and Purple Team exercises to validate detection coverage, improve response procedures, and identify gaps in the SOC's defensive capabilities.
  • Apply the MITRE ATT&CK framework to map adversary tactics, techniques, and procedures (TTPs) during investigations, turning fragmented alerts into clear and actionable threat narratives.
  • Conduct in-depth forensic analysis of endpoint, network, and cloud telemetry to support incident investigations and root cause analysis activities.
  • Support and contribute to the four phases of the NIST SP 800-61 incident response lifecycle, Preparation, Detection and Analysis, Containment/Eradication/Recovery, and Post-Incident Activity, ensuring thorough documentation and stakeholder communication at each stage.
  • Mentor and provide technical guidance to Tier I and Tier II SOC analysts, supporting their professional development and improving overall team capability.
  • Collaborate with threat hunting, CTI, and security engineering teams to operationalize new detection logic and ensure the SOC benefits from the latest intelligence.
  • Produce high-quality incident reports, shift logs, and technical documentation for both technical teams and senior government officials.

Contribute to detection engineering and automation initiatives to reduce manual workload and improve analyst efficiency across the SOC.
Required Skills
  • U.S. Citizenship required.
  • 6+ years of SOC experience, with demonstrated expertise in Tier III incident response, forensic analysis, and SIEM operations.
  • Remote but within close proximity to the NCR.
  • Active Public Trust 6c clearance, or the ability to obtain and maintain one.
  • At least one of the following certifications: GCIA, CEH, or CompTIA Security+.
  • Hands-on experience with SIEM platforms and endpoint telemetry analysis in a federal or enterprise environment.
  • Strong experience with operating systems, networking fundamentals, and AWS native security capabilities.
  • Deep understanding of the NIST SP 800-61 incident response framework and its practical application within a tiered SOC environment.
  • Demonstrated ability to apply the MITRE ATT&CK framework to real-world incident investigations and detection improvement activities.
  • Experience contributing to or developing incident response playbooks, SOPs, and lessons-learned documentation.
  • Proven ability to lead shift handovers and maintain clear, accurate operational documentation in a 24x7x365 environment.
  • Strong written and verbal communication skills, with the ability to translate complex technical findings into actionable language for both technical and executive audiences.
Desired Skills
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent professional experience.
  • One of the following certifications.
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Security Expert (GSE)
  • AWS Cloud Practitioner or higher, with AWS GovCloud experience desired
  • Familiarity with federal cybersecurity frameworks including NIST SP 800-53, NIST RMF, IRS Publication 1075, FedRAMP, and OMB compliance requirements.
  • Experience supporting continuous monitoring programs and coordinating with stakeholders on POA&M remediation tracking.
  • Prior experience working on large-scale federal civilian agency programs with complex, multi-stakeholder environments.
  • Experience with SOAR platforms to automate repetitive SOC tasks and accelerate incident response workflows.
  • Familiarity with malware analysis techniques, including static analysis, sandboxing, and IoC extraction.
  • Experience with cloud-native security operations in AWS GovCloud or Azure Government environments.
  • Ability to support detection engineering efforts, including writing and tuning SIEM detection rules and correlation logic.
  • Familiarity with scripting languages such as Python or PowerShell for log parsing and investigation acceleration.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven


Meet the challenge. Make a difference with Everforth ECS!
group id: 10112231A
Find ECS on Social Media
Recruiters
user avatar
About Us
ECS, a key segment of ASGN Incorporated, is a trusted IT systems integrator serving government agencies. ECS provides modern digital solutions that enable fast and efficient decision making and support the effective execution of government agency operations. ECS’ leading-edge AI, cybersecurity, and open data management solutions boost collaboration, innovation, and worker productivity, improve employee and customer experiences, and protect critical agency data and assets.

ECS Jobs


Job Category
IT - Security
Clearance Level
Public Trust
Employer
ECS