Sr. Security Analyst
About The Position
As a leading managed cybersecurity services provider, ECS delivers highly tailored cybersecurity solutions aligned to each customer’s mission needs. The Professional Services Team partners with customers to understand their environment, strengthen security posture, and deliver measurable outcomes across detection, response, and continuous improvement. We are seeking a Security Analyst with strong Elastic SIEM experience and solid cybersecurity fundamentals who can investigate alerts, hunt threats, and help operationalize detection capabilities across network, cloud, and endpoint telemetry. This role requires analytical rigor, comfort working directly with customers, and the ability to operate with limited oversight in fast-paced environments.
Requirements
- 2+ years of cybersecurity experience
- Elastic SIEM proficiency: Monitoring, detection, triage, and investigation using Elastic SIEM; experience with Kibana and familiarity with Logstash / ingest pipelines preferred
- Strong cybersecurity fundamentals including network protocols, encryption concepts, and vulnerabilities
- Strong analytical skills for identifying patterns and anomalies across multiple data sources
- Scripting/automation experience using Python or PowerShell
- Experience creating and tuning SIEM rules, signatures, and dashboards
- Strong written and verbal communication skills
- Ability to problem-solve and operate under pressure in fast-paced environments
- Willingness to support domestic or international travel (short, planned engagements)
- Must possess and maintain a U.S. Passport
- Must have a Secret clearance, at minimum
Nice To Haves
- experience with Kibana and familiarity with Logstash / ingest pipelines
Responsibilities
- Perform analysis using defense tools including IDS/IPS, firewalls, and host-based security systems.
- Use Elastic SIEM to correlate events, identify indicators of compromise, and produce actionable intelligence for response.
- Implement and improve log-based and endpoint-based detection strategies; validate detections and recommend tuning based on outcomes.
- Develop and tune SIEM content such as detection rules, machine learning rules, dashboards, and visualizations aligned to customer requirements.
- Correlate data across network, cloud, and endpoints to identify attacks and unauthorized actions.
- Triage alerts from SIEM and other sensors; document incidents with clear technical reporting and recommendations.
- Investigate emerging threats and vulnerabilities to enhance detection and incident identification processes.
- Analyze phishing submissions and recommend appropriate response actions.
- Support containment and mitigation activities; contribute to root cause analysis and corrective actions.
- Create or maintain scripts (Python/PowerShell) for investigation support, enrichment, and workflow automation; help integrate telemetry sources into Elastic as needed.
- Provide training to customer teams on SIEM usage, detection capabilities, investigation workflows, and security best practices to drive long-term operational success.
- Contribute to documentation (runbooks, detection standards, triage playbooks) and continuous improvement of SOC workflows.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
