×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager Information Security IT Support

SOC Tier 2 Analyst

Job in Portland, Multnomah County, Oregon, 97204, USA
Listing for: ECS
Full Time position
Listed on 2026-05-22
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Information Security, IT Support
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Everforth ECS is seeking a SOC Tier 2 Analyst to work in our Portland, OR office.

Please note:

this position is contingent upon contract award. The SOC Analyst 2 supports the organization’s security operations by conducting deeper investigation of escalated alerts, correlating security telemetry, supporting incident response activities, and preparing incident summaries and recommendations. This role is the mid‑level investigation and response‑support tier within the SOC Analyst role family.

Key Responsibilities
  • Escalated Alert Investigation & Correlation
    • Review and investigate alerts escalated by SOC Analyst 1 or automated SOC workflows to validate severity, scope, potential impact, and required response actions.
    • Analyze suspicious activity, indicators of compromise, anomalous behavior, and policy violations using logs, endpoint telemetry, network data, identity data, cloud events, and other evidence.
    • Correlate evidence across security platforms to identify affected assets, affected accounts, attack paths, timeline of activity, and potential business or mission impact.
    • Map observed behaviors to applicable frameworks and threat models such as MITRE ATT&CK when useful for investigation, reporting, or detection improvement.
  • Incident Response & Coordination Support
    • Support containment, eradication, and recovery activities for standard or moderate incidents in alignment with incident response plans and approved playbooks.
    • Coordinate with system owners, security engineers, senior analysts, and other technical teams to gather evidence, validate impact, and support response actions.
    • Escalate complex, high‑impact, evidence‑sensitive, or ambiguous incidents to SOC Analyst 3, SOC leadership, Forensics, Threat Hunter, Threat Intelligence Analyst, or other specialized roles as appropriate.
    • Maintain accurate incident status, action tracking, and communications during investigation and response activities.
  • Detection, Tuning & Process Improvement Input
    • Analyze recurring alerts, false positives, attack patterns, threat intelligence, vulnerabilities, and emerging tactics to identify opportunities to improve detection and response.
    • Recommend updates to correlation rules, alert logic, dashboards, use cases, response playbooks, and triage procedures based on investigation outcomes.
    • Operationalize threat intelligence in triage and investigation workflows by applying relevant indicators, adversary behaviors, vulnerabilities, and contextual reporting.
    • Provide operational requirements and validation feedback to SOC Analyst 3, SOC Threat Hunter, Senior Splunk Engineer, Splunk Architect/Lead, Security Engineer, and SOC Technical Writer as appropriate.
  • Reporting & Documentation
    • Document investigation activities, evidence, decisions, response actions, and outcomes clearly and accurately.
    • Prepare incident summaries, ticket updates, timelines, shift handoff notes, and supporting information for after‑action documentation.
    • Communicate technical findings in clear operational, business, and risk language for SOC leadership and affected stakeholders.
    • Provide evidence summaries and analysis notes that can be used by Forensics or specialized teams when deeper analysis is required.
  • Mentorship & Continuous Improvement
    • Provide escalation guidance, quality feedback, and informal mentoring to SOC Analyst 1 personnel.
    • Participate in lessons‑learned activities, tabletop exercises, detection reviews, and SOC process improvement efforts.
    • Stay current with evolving cyber threats, vulnerabilities, detection techniques, and security operations best practices.
    • Contribute to continuous improvement of SOC workflows, investigation checklists, documentation practices, and escalation procedures.
Required Skills
  • 3–5 years of experience in SOC operations, incident response, security monitoring, threat monitoring, or related technical cybersecurity roles.
  • Experience triaging escalated alerts and investigating security events using SIEM, EDR, ticketing, case management, and log analysis tools.
  • Intermediate knowledge of Windows, Linux, networking, cloud, identity, endpoint, and application security concepts.
  • Working knowledge of common attack techniques, incident response…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search