×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Security Operations Center Analyst

Job in Fairfax, Fairfax County, Virginia, 22032, USA
Listing for: ECS
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly USD 60000.00 80000.00 YEAR
Job Description & How to Apply Below

Job Description

Everforth ECS is seeking a Security Operations Center Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax.

Please Note:

This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational war fighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Security Operations Center Analyst supports WDP's 24/7 continuous monitoring mission by performing structured threat detection, incident investigation, and response operations across NIPRNet, SIPRNet, and JWICS. This role operates within an integrated SOC environment leveraging Splunk SIEM, SOAR-driven automation, and AI-assisted triage capabilities to identify adversary behavior, contain incidents, and sustain cyber defense resilience across WDP's classified and unclassified mission enclaves.

Responsibilities
  • Executes continuous security monitoring operations across classified and unclassified DoW networks, supporting mission systems operating on NIPRNet, SIPRNet, and JWICS.
  • Analyzes security events generated by enterprise Security Information and Event Management platforms including Splunk and Elastic, correlating host, network, and application telemetry to identify anomalous activity and potential adversary behavior.
  • Conducts structured incident investigations using established incident response playbooks aligned to DoW Cyber Incident Handling Program guidance, documenting findings within Service Now and SharePoint tracking repositories.
  • Performs proactive threat hunting activities leveraging MITRE ATT&CK mappings, endpoint telemetry, network flow data, and log analytics to detect previously unidentified threats.
  • Coordinates containment and remediation actions with system administrators, ISSOs, and vulnerability management teams, supporting rapid mitigation of malware, unauthorized access, and policy violations.
  • Maintains detailed incident records, forensic timelines, and evidentiary artifacts supporting after-action reporting and continuous monitoring requirements under the Risk Management Framework.
  • Tunes detection logic, refines correlation rules, and contributes to improvement of SOC use cases to reduce false positives and increase detection fidelity.
  • Provides technical mentorship to junior analysts through peer review of investigations and collaborative shift handovers.
  • Delivers operational reporting products including incident summaries, alert trend analysis, and threat activity assessments supporting operational readiness, cyber defense resilience, and mission assurance across combat support and intelligence environments.
  • Performs other duties as assigned.
Required Skills
  • Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance.
  • A minimum of 3 years of experience in security operations, cyber threat analysis, or incident response within a federal, defense, or intelligence community environment, with demonstrated hands‑on proficiency performing continuous monitoring and structured incident investigations using enterprise SIEM platforms such as Splunk or Elastic across multi‑enclave network environments.
  • Active IAM Level I certification, satisfied by one of the following:
    CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
  • Strong problem‑solving and decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end‑users to executive management).
Desired Skills
  • Active Top Secret (TS) security clearance with Sensitive Compartmented Information…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search