Junior Security Operations Center Analyst

ECS Tech Inc•Fairfax, VA

2d•Onsite

About The Position

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts. The Junior Security Operations Center (SOC) Analyst performs entry-level cyber defense and continuous monitoring operations across WDP's classified and unclassified network environments, supporting the protection of mission-critical AI and data platform capabilities spanning NIPRNet, SIPRNet, and JWICS. This role develops foundational skills in alert triage, incident documentation, and threat awareness under the direct mentorship of senior SOC analysts in a high-tempo, operationally significant government cybersecurity environment.

Requirements

Current Secret security clearance.
Experience in cybersecurity operations, IT security, network monitoring, or a closely related discipline, including relevant academic, internship, or lab-based experience demonstrating foundational cyber defense skills.
IAM Level I certification from an approved credential, including CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC G

Responsibilities

Performs foundational cyber defense operations supporting continuous monitoring activities across Department of War enterprise networks operating on NIPRNet, SIPRNet, and JWICS.
Monitors security dashboards and alert queues generated by Security Information and Event Management platforms such as Splunk and Elastic, identifying indicators of compromise, policy violations, and anomalous system behavior.
Conducts initial alert triage using documented incident response playbooks aligned to DoW Cyber Incident Handling Program guidance, validating event severity and routing incidents through ServiceNow workflows.
Executes basic investigation steps including log review, endpoint status verification, and correlation of host and network telemetry under senior analyst direction.
Documents investigative actions, timelines, and observations within SharePoint repositories and ticketing systems to support auditability and continuous monitoring requirements under the Risk Management Framework.
Supports containment and remediation efforts by coordinating with system administrators, vulnerability management teams, and Information System Security Officers during active incidents.
Maintains situational awareness through review of threat intelligence feeds, internal advisories, and IAVA notifications to inform alert handling.
Participates in shift turnover briefings and contributes to operational reporting products including daily alert summaries and incident tracking updates.
Delivers reliable alert processing, accurate documentation, and disciplined escalation practices that sustain operational readiness, protect mission systems, and strengthen cyber defense posture across supported operational environments.
Performs other duties as assigned.