ECS

Tier 2 Cyber Threat Analyst (CTA)

Company

ECS

Role

Tier 2 Cyber Threat Analyst (CTA)

Job type

Full-time

Posted

8 hours ago

Salary

Not disclosed by employer

Job description

ECS is seeking a Tier 2 Cyber Threat Analyst (CTA) to work in our Fairfax, VA office.

ECS is seeking a Tier 2 Cyber Threat Analyst (CTA) to support a robust Cybersecurity Program in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE), each with a unique set of data, applications, and information systems that aid in their development of Artificial Intelligence / Machine Learning (AI/ML) algorithms. The Tier 2 CTA executes operational cybersecurity processes that mitigate risk; ensure continuity of operations; and protect assets from loss, destruction, misuse, alteration, and unauthorized access / disclosure.

This position is a demanding, high-energy role that requires innovative approaches to cyber solutions. The ideal candidate has a blend of technical abilities (e.g., networking, intrusion detection, OS knowledge, scripting, cloud security), essential soft skills (e.g., analytical thinking, problem-solving, clear communication), and the intellectual curiosity critical for analyzing threats, managing incidents, assessing risks, and protecting assets from evolving cyber threats. The Tier 2 CTA reports to the SOC Manager and collaborates closely with other tiered-level CTAs to secure and protect MPEs and related development initiatives.

Responsibilities

  • Perform security event triage, investigation, and incident response.
  • Monitor, detect, and analyze security threats, risks, and alerts using SOC tools; determine scope, severity, and impact.
  • Conduct advanced threat hunting, malware analysis, and investigation of Indicators of Compromise (IOCs).
  • Coordinate incident response activities: support containment, eradication, and recovery actions for cybersecurity incidents.
  • Perform digital forensic analysis and preserve evidence following chain-of-custody procedures.
  • Develop and tune SIEM correlation rules, detection logic, dashboards, and reports.
  • Support ransomware, insider threat, phishing, DDoS, and data breach investigations.
  • Collaborate with IT Security personnel to factor security into IT asset evaluation, selection, installation and configuration.
  • Collaborate with Security Engineering teams to develop and implement controls in alignment with security policies and legal, regulatory, and compliance requirements.
  • Produce incident reports, forensic reports, weekly SOC reports, and final incident documentation.
  • Participate in cyber exercises, tabletop exercises, and after-action reviews.
  • Develop and maintain incident response SLAs for alert triage, containment, reporting, and recovery validation.
  • Develop scripts and automation to improve SOC efficiency.
  • Develop and maintain incident response playbooks, SOPs, and workflows.
  • Research and evaluate innovative analytical techniques and capabilities for integration into a managed security offering.
  • Provide technical oversight and direction to Tier 1 CTAs.
  • Provide on-call escalation support during non-business hours as needed.

Required Skills

  • U.S. Citizen.
  • Active Secret security clearance, with the ability to obtain a Top Secret security clearance.
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related STEM (Science, Technology, Engineering and Mathematics) discipline.
  • 5+ years of experience in cybersecurity operations, incident response, and/or cyber threat analysis, including 2+ years working in a SOC environment.
  • DoD 8140 IAT Level 2 certification (CompTIA Security+, CySA+, GSEC, SSCP).
  • Expert-level experience with SOC operations, incident detection, and response workflows.
  • Tactical experience with Splunk Enterprise Security.
  • Advanced understanding of TCP/IP, network fundamentals, network security, NetFlow, and associated tools.
  • Advanced knowledge of malware analysis, network forensics, and packet-level inspection.
  • Ability to assume full ownership and accountability for tasks and deadlines, work with limited supervision, and commit to high quality results and deliverables.
  • Exceptional analytical, problem-solving, and communication skills.
  • Strong decision-making ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Advanced proficiency with Microsoft Office tools and O365, including Word, Excel, PowerPoint, Teams, Outlook, and SharePoint.

Desired Skills

  • Active Top Secret security clearance.
  • Master’s degree in a STEM discipline.
  • DoD 8140 IAT Level 3 certification (CISSP, CASP+ CE, CCNP Security, CISA, GCED, GCIH).
  • Prior experience with DoD environments and components/organizations.
  • Previous SOC experience.
  • Hands-on experience with SIEM or SOAR platforms, IDS/IPS, and endpoint monitoring tools.
  • Familiarity with the NIST Cybersecurity Framework and Risk Management Framework (RMF).
  • Experience developing and maturing SOC playbooks, processes, and detection capabilities.
  • Experience managing AI agents or queries in a SOC environment.
  • Hands-on experience with Atlassian’s Jira and Confluence.