Cyber Threat Analyst 3 at ECS – Fairfax, USA-VA

ECS is seeking a Cyber Threat Analyst 3 for our Fairfax, VA office.

Job description:

ECS is a leading provider of managed cybersecurity services. ECS delivers a highly customized and tailored offering to each client. Our team is responsible for protecting ECS’ corporate and client networks. Our mission is broad and our team is flexible. We will leverage your unique skills to solve client challenges, such as designing a system to address a technical hurdle, protecting client data, or advising on a wide range of security topics. You will be empowered to engage and lead multiple groups and must have the self-reliance and focus to work well without constant supervision.

Our Tier 3 SOC analysts are responsible for investigating threats targeting the internal network of ECS and commercial customers. They support the commercial cybersecurity program during core and non-core business hours.

Responsibilities:

  • Lead incident response, including forensic triage and detailed technical reporting.
  • Provide guidance and act as a point of contact for junior SOC analysts.
  • Develop and implement custom detections that align with the MITRE ATT&CK Framework.
  • Hunt for threats and perform data analysis to identify and mitigate unseen threats.
  • Customize and configure security tools to minimize false positives.
  • Analyze and correlate logs from multiple sources to create comprehensive incident timelines.
  • Enable threat remediation by collaborating with IT teams and end users.
  • Serve as an expert on security tools, applications, and processes.
  • Support investigations into large-scale and small-scale cyber breaches.
  • Communicate cyber events to internal and external stakeholders.
  • Provide customers with incident response support, including mitigation measures to contain activity and facilitate forensic analysis as needed. Document formal, technical incident reports.

Required skills:

  • Minimum 5 years of experience with SOC or cybersecurity, of which at least 3 years with a SIEM tool.
  • US citizenship and the ability to obtain a SECRET government security clearance.
  • Bachelor’s degree; preferably in Computer Science, Information Security or a related field. Experience will be considered in lieu of a degree.
  • Deep technical knowledge of modern cybersecurity threats and the ability to quickly learn new cybersecurity concepts.
  • Previous experience as an analyst in a Security Operations Center (SOC).
  • Extensive experience with EDR, SIEM, SOAR and ticketing technologies, specifically Elastic, Splunk, Trellix, MS Sentinel/Defender and Crowdstrike Falcon.
  • Knowledge of threat actor tactics, techniques and procedures (TTPs).
  • Skilled in analyzing logs from firewalls, network traffic, IIS, antivirus and DNS, among others.
  • In-depth knowledge of incident response processes, including forensic triage, determining the scope, urgency and potential impact of incidents.
  • Ability to support ad-hoc scripting in any language, with experience using Python or PowerShell.
  • Ability to correlate events from multiple sources to create timeline analysis.
  • Strong ability to organize case notes and communicate with clients verbally and in writing. Able to prepare detailed technical reports.
  • Experience creating custom detections that align with the MITRE ATT&CK Framework.
  • Experience in detecting emerging threats and performing data analysis to identify stealth activity within the environment.
  • Ability to facilitate threat remediation by collaborating with other IT teams or end users.
  • Serve as a mentor and escalation point for SOC analysts.
  • Proficiency in tuning security tool configurations to minimize false positives.
  • Serve as an expert on security tools, applications, and processes.

Desired skills:

  • Previous experience as an analyst in a Security Operations Center (SOC).
  • Previous experience with EDR, SIEM, SOAR and ticketing technologies.
  • Knowledge of threat actor tactics, techniques and procedures (TTPs).
  • Ability to support ad-hoc scripting in any language.
  • Industry-specific knowledge of common forensic artifacts analyzed during incidents to determine attack vectors, lateral movement, and data exfiltration.
  • Knowledge of digital forensic tactics, tools and techniques to support incident resolution.
  • Experience in following and helping to develop incident response procedures and scripts.
  • In-depth knowledge of classic and emerging threat actor tactics, techniques, and procedures in both the pre- and post-exploitation phases of attack cycles.
  • Have an industry-recognized entry-level certification (e.g., A+, Net+, Sec+, GSEC, etc.). Advanced certifications such as CISSP, CISM, or GIAC are highly desirable.
  • Experience with technologies such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security and Container Security.
  • Knowledge of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools and techniques.
  • Ability to prepare and present detailed technical reports and documentation.
  • Self-starter, collaborative, reliable and driven, with the ability to balance multiple priorities and meet deadlines.

ECS is an equal opportunity employer and does not discriminate or permit discrimination based on race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, crime victim status, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, the disabled, and veterans.

ECS is a leading mid-market provider of technology services to the U.S. federal government. We are focused on people, values, and purpose. Every day, our 3,800+ employees are focused on delivering their technical talent to support the federal agencies and departments of the U.S. government to serve, protect, and defend the American people.