
Entry-Level SOC Analyst - Monitor & Triage Security

Job in Portland, Multnomah County, Oregon, 97204, USA
Listing for: RadNet, Inc.
Full Time position
Listed on 2026-05-27
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, IT Support, Network Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly

Everforth ECS is seeking a SOC Tier 1 Analyst to work in our Portland, OR office.
Please Note: This position is contingent upon contract award.

The SOC Analyst 1 supports the organization's security operations by monitoring security events, performing first-level alert triage, validating suspicious activity, documenting tickets, and escalating confirmed or higher-risk events using approved runbooks and procedures. This role is the initial monitoring and triage tier within the SOC Analyst role family.

The ideal candidate has foundational cybersecurity or IT operations experience, understands basic security concepts and defensive technologies, and can follow established procedures while communicating clearly with SOC Analyst 2, SOC Analyst 3, incident response, engineering, and other program stakeholders.

Key Responsibilities
Security Monitoring & Initial Alert Triage
  • Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
  • Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
  • Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
  • Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.
Ticketing, Documentation & Shift Handoff
  • Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
  • Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
  • Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
  • Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.
  • Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
  • Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
  • Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
  • Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.
Tool Use & Procedure Adherence
  • Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
  • Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
  • Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
  • Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.
  • Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
  • Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
  • Contribute operational observations and recurring alert patterns to process improvement discussions.
Required Skills
  • 1-3 years of experience in cybersecurity, IT operations, help desk, networking, systems administration, or SOC monitoring.
  • Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
  • Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
  • Ability to follow runbooks, validate alerts, document findings, and elevate issues accurately and promptly.
  • Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
  • Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.
Desired Skills
  • Experience working in a 24x7 SOC, managed security operations environment, government program, or regulated organization.
  • Familiarity with frameworks and guidance such as MITRE ATT&CK, NIST CSF, NIST SP 800-61, CIS Controls, or Cyber Kill Chain.
  • Experience with tools such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Microsoft Defender, Palo Alto, SOAR platforms, or similar technologies.
  • Certifications such as Security+, Network+, CySA+ (in progress), CEH (in progress), or equivalent experience.
  • Experience with phishing triage, malware alert validation, endpoint alerts, user behavior alerts, or network security monitoring.
  • Exposure to SOC playbooks, escalation workflows, and operational reporting expectations.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of…
