SOC Mid-Level Analyst – ECS (Remote/Tri-State)
This is a Remote (Work from Home) position, but with a specific residency requirement: candidates must live in the NY/NJ/CT tri-state area for occasional onsite client visits. This role is designed for an experienced analyst who has worked in a mature 24x7x365 environment and is ready to move beyond basic monitoring into process development and automation.
- Requisition ID: #2976
- Salary Range: $120,000 – $145,000
- Shift Schedule: Friday – Monday, 7:00 AM – 5:00 PM ET (4×10 shift).
- Location: Remote (Residing in NY, NJ, or CT).
- Core Technology: SIEM, SOAR, EDR, and Threat Intel feeds (US-CERT, MS-ISAC).
Key Responsibilities: Monitoring, Hunting, and Automation
As a Mid-Level Analyst, you act as a technical leader within the shift, handling complex escalations and improving the SOC’s underlying logic.
Continuous Monitoring & Incident Handling
You will monitor the SIEM alert queue, phishing inboxes, and intelligence feeds to identify intrusions. When a critical incident occurs, you are responsible for executing containment, remediation, and recovery activities. Following an incident, you will lead the “Lessons Learned” review to identify control failures or outdated procedures.
Detection Engineering & SOAR Tuning
A primary focus of this role is improving alert fidelity. You will coordinate with SIEM engineers to tune rules and reduce false positives. Furthermore, you will assist in creating and refining Security Orchestration, Automation, and Response (SOAR) playbooks, transforming manual investigative steps into automated workflows to speed up response times.
Proactive Threat Hunting
You won’t just wait for alerts. You will perform proactive threat hunting to find emerging risks that automated systems might miss. Working closely with Cyber Threat Intel, you will analyze detection patterns and compile detailed hunt reports for SOC leadership, often mapping these findings to the MITRE ATT&CK Framework.
Required Qualifications and Skills
ECS is looking for a critical thinker who understands the nuances of log correlation and intrusion analysis.
- Experience: Minimum 3 years of experience in log analysis, intrusion detection, or info-sec operations.
- Technical Skills: Ability to build custom content in a SIEM and triage Indicators of Compromise (IoC).
- Education: Bachelor’s degree or equivalent experience.
- Environment: Proven experience working in a mature, high-volume 24×7 SOC.
- Certifications (Preferred): CISSP, CEH, CISA, Security+, or CHFI.
Summary of Role Impact
The “Mid-Level” designation at ECS signifies that you are the engine of the SOC’s continuous improvement. By bridging the gap between raw monitoring and advanced automation, you ensure that the client’s infrastructure—both on-premises and in the cloud—is protected by high-fidelity detections. Your ability to work the Friday-to-Monday “bridge” shift is vital for maintaining security posture during high-risk weekend windows when many enterprise teams are offline.
Job Features
- Job Category: Information Technology, Operations Management, Security