Security Analyst

• Network Monitoring & Intrusion Detection: Perform analysis using defense tools including IDS/IPS, firewalls, and host-based security systems.
• SIEM Operations (Elastic SIEM): Use Elastic SIEM to correlate events, identify indicators of compromise, and produce actionable intelligence for response.
• Threat Detection Engineering (Analyst-led): Implement and improve log-based and endpoint-based detection strategies; validate detections and recommend tuning based on outcomes.
• Content Development: Develop and tune SIEM content such as detection rules, machine learning rules, dashboards, and visualizations aligned to customer requirements.
• Activity Correlation: Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
• Alert Management & Reporting: Triage alerts from SIEM and other sensors; document incidents with clear technical reporting and recommendations.
• Threat Research: Investigate emerging threats and vulnerabilities to enhance detection and incident identification processes.
• Phishing Analysis: Analyze phishing submissions and recommend appropriate response actions.
• Incident Response Support: Support containment and mitigation activities; contribute to root cause analysis and corrective actions.
• Automation & Integrations: Create or maintain scripts (Python/PowerShell) for investigation support, enrichment, and workflow automation; help integrate telemetry sources into Elastic as needed.
• Customer Training & Enablement: Provide training to customer teams on SIEM usage, detection capabilities, investigation workflows, and security best practices to drive long-term operational success.
• Operational Excellence: Contribute to documentation (runbooks, detection standards, triage playbooks) and continuous improvement of SOC workflows.

We are seeking a Security Analyst with strong Elastic SIEM experience and solid cybersecurity fundamentals who can investigate alerts, hunt threats, and help operationalize detection capabilities across network, cloud, and endpoint telemetry. This role requires analytical rigor, comfort working directly with customers, and the ability to operate with limited oversight in fast-paced environments., * 2+ years of cybersecurity experience

• Elastic SIEM proficiency: Monitoring, detection, triage, and investigation using Elastic SIEM; experience with Kibana and familiarity with Logstash / ingest pipelines preferred
• Strong cybersecurity fundamentals including network protocols, encryption concepts, and vulnerabilities
• Strong analytical skills for identifying patterns and anomalies across multiple data sources
• Scripting/automation experience using Python or PowerShell
• Experience creating and tuning SIEM rules, signatures, and dashboards
• Strong written and verbal communication skills
• Ability to problem-solve and operate under pressure in fast-paced environments
• Willingness to support domestic or international travel (short, planned engagements)
• Must possess and maintain a U.S. Passport
• Must have a Secret clearance, at minimum

Desired Skills

• Prior experience working in a Security Operations Center (SOC)
• Experience with EDR, SIEM, SOAR, and ticketing tools
• Familiarity with threat actor tactics, techniques, and procedures (TTPs)
• Familiarity with cloud environments (AWS, Azure, Google Cloud Platform) and related security telemetry
• Experience supporting Elastic observability data (logs, metrics, traces) for investigations
• Certifications such as CISSP, CEH, GCIH, Elastic Certified Analyst, or equivalent
• Entry-level cybersecurity certifications (A+, Net+, Sec+, GSEC, etc.)

Everforth ECS is seeking a Sr. Security Analyst to work in our Remote office. This position is contingent upon additional funding. As a leading managed cybersecurity services provider, ECS delivers highly tailored cybersecurity solutions aligned to each customer's mission needs. The Professional Services Team partners with customers to understand their environment, strengthen security posture, and deliver measurable outcomes across detection, response, and continuous improvement., Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies. Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.