Junior Security Operations Center Analyst Security Clearance

Position: Junior Security Operations Center Analyst with Security Clearance
Job Description Everforth ECS is seeking a Junior Security Operations Center Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax .

Please Note:

This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational war fighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Junior Security Operations Center (SOC) Analyst performs entry-level cyber defense and continuous monitoring operations across WDP's classified and unclassified network environments, supporting the protection of mission-critical AI and data platform capabilities spanning NIPRNet, SIPRNet, and JWICS. This role develops foundational skills in alert triage, incident documentation, and threat awareness under the direct mentorship of senior SOC analysts in a high-tempo, operationally significant government cybersecurity environment.

• Performs foundational cyber defense operations supporting continuous monitoring activities across Department of War enterprise networks operating on NIPRNet, SIPRNet, and JWICS.

• Monitors security dashboards and alert queues generated by Security Information and Event Management platforms such as Splunk and Elastic, identifying indicators of compromise, policy violations, and anomalous system behavior.

• Conducts initial alert triage using documented incident response playbooks aligned to DoW Cyber Incident Handling Program guidance, validating event severity and routing incidents through Service Now workflows.

• Executes basic investigation steps including log review, endpoint status verification, and correlation of host and network telemetry under senior analyst direction.

• Documents investigative actions, timelines, and observations within SharePoint repositories and ticketing systems to support auditability and continuous monitoring requirements under the Risk Management Framework.

• Supports containment and remediation efforts by coordinating with system administrators, vulnerability management teams, and Information System Security Officers during active incidents.

• Maintains situational awareness through review of threat intelligence feeds, internal advisories, and IAVA notifications to inform alert handling.

• Participates in shift turnover briefings and contributes to operational reporting products including daily alert summaries and incident tracking updates.

• Delivers reliable alert processing, accurate documentation, and disciplined escalation practices that sustain operational readiness, protect mission systems, and strengthen cyber defense posture across supported operational environments.

• Performs other duties as assigned. Required Skills
• Current Secret security clearance.

• Experience in cybersecurity operations, IT security, network monitoring, or a closely related discipline, including relevant academic, internship, or lab-based experience demonstrating foundational cyber defense skills.

• IAM Level I certification from an approved credential, including CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC G Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.

• Hands-on familiarity with SIEM platforms such as Splunk or Elastic, including experience navigating dashboards, constructing basic queries, and reviewing log data in a lab, academic, or professional cybersecurity environment.

• Basic understanding of the MITRE ATT&CK framework and common adversary tactics, techniques, and procedures, with a demonstrated interest in applying threat intelligence concepts to alert triage and incident investigation workflows.

• Exposure to IT service management platforms such as Service Now or equivalent ticketing systems, including experience logging, tracking,…