Cyber Threat Analyst 2

Company: ECS

Location: Fairfax, VA 22030

Description:

ECS is seeking a Cyber Threat Analyst 2 to work in our Fairfax, VA office / hybrid.

  • Prior experience working EDR, SIEM, SOAR, and ticketing technologies.
  • Knowledge of threat actor tactics, techniques, and procedures (TTPs).
  • Ability to support ad hoc scripting in any language.
  • Knowledge of common forensic artifacts analyzed during incidents to determine attack vectors, lateral movement, and data exfiltration.
  • Knowledge of digital forensics tactics, tools, and techniques to assist in incident resolution.
  • Experience following and helping create Incident Response procedures and playbooks.
  • Understanding of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles.
  • Possess an industry-recognized entry-level certification (e.g., A+, Net+, Sec+, GSEC, etc.). Advanced certifications like CISSP, CISM, or GIAC are highly desirable.
  • Experience with technologies such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, and Container Security.
  • Understanding of the MITRE ATT&CK framework and ability to create detections based on analysis of attacker tools and techniques.
  • Ability to prepare and present detailed technical reports and documentation.
  • Self-starter, collaborative, dependable, and driven personality with the ability to balance multiple priorities and meet deadlines.
  • 3+ years of SOC or cybersecurity-related experience, with at least 2+ years of experience with a SIEM tool.
  • U.S. citizenship and ability to obtain a SECRET Government Security Clearance.
  • Deep technical understanding of modern cybersecurity threats and the ability to quickly learn new cybersecurity concepts.
  • Prior experience working as an analyst in a Security Operations Center (SOC).
  • Extensive experience with EDR, SIEM, SOAR, and ticketing technologies, particularly Elastic, Splunk, Trellix, MS Sentinel/Defender, and Crowdstrike Falcon.
  • Knowledge of threat actor tactics, techniques, and procedures (TTPs).
  • Proficient in analyzing logs such as firewall, network traffic, IIS, Antivirus, and DNS.
  • Deep understanding of incident response processes, including forensic triage, determining scope, urgency, and potential impact of incidents.
  • Ability to support ad hoc scripting in any language, with experience using Python or PowerShell.
  • Ability to correlate events from multiple sources to create a timeline analysis.
  • Strong ability to organize case notes and communicate verbally and in writing to clients. Capable of preparing detailed technical reports.
  • Experience creating custom detections aligned with the MITRE ATT&CK Framework.
  • Experience in hunting for new threats and performing data analytics to identify unseen activities within the environment.
  • Ability to facilitate remediation of threats by collaborating with other IT teams or end users.
  • Act as a mentor and escalation point for SOC Analysts.
  • Skill in tuning security tool configurations to minimize false positives.
  • Serve as a subject matter expert for security tools, applications, and processes.