SOC Technical Writer

Everforth ECS is seeking a Cyber Technical Writer to work in our Portland, OR office.  Please Note: This position is contingent upon contract award.

The Cyber Technical Writer develops, maintains, and improves cybersecurity documentation, operational procedures, technical guides, reports, briefings, and knowledge products that support security operations, engineering, assessment, training, and program management activities. This role translates complex cybersecurity concepts, processes, tools, and technical findings into clear, accurate, audience-appropriate documentation. 

The ideal candidate combines strong writing and editing skills with a working understanding of cybersecurity operations, risk management, incident response, security tools, and compliance-driven environments. The role requires close collaboration with analysts, engineers, assessors, threat intelligence staff, training personnel, and program leadership to ensure documentation is complete, consistent, usable, and aligned with program requirements. 

Key Responsibilities 

Cybersecurity Documentation Development 

• Develop, revise, and maintain cybersecurity documentation, including standard operating procedures, playbooks, runbooks, technical guides, process documents, user guides, and job aids. 

• Translate technical input from cybersecurity subject matter experts into clear, structured, and actionable documentation for technical, operational, and management audiences. 

• Document SOC workflows, incident response procedures, escalation paths, monitoring processes, reporting procedures, and security tool usage guidance. 

• Ensure documentation accurately reflects current tools, processes, roles, responsibilities, and operational requirements. 

Reports, Briefings & Deliverables 

• Prepare, edit, and format cybersecurity reports, executive summaries, operational updates, assessment support materials, after-action reports, and program deliverables. 

• Support development of recurring status reports, performance summaries, metrics narratives, findings summaries, and stakeholder briefings. 

• Ensure written products are clear, accurate, consistent, properly formatted, and aligned with audience needs and program expectations. 

• Coordinate with technical contributors to validate facts, terminology, findings, recommendations, and supporting evidence before publication or submission. 

Process, Policy & Procedure Support 

• Support documentation of cybersecurity policies, processes, procedures, standards, templates, and governance materials. 

• Assist teams in converting informal practices, analyst notes, lessons learned, and technical workflows into repeatable, approved procedures. 

• Maintain documentation that supports audit readiness, compliance activities, risk management, incident handling, training, and operational continuity. 

• Identify gaps, inconsistencies, outdated content, or unclear procedures and recommend improvements to documentation owners. 

Stakeholder Collaboration & Content Coordination 

• Work with SOC analysts, engineers, assessors, threat hunters, threat intelligence analysts, forensics personnel, training staff, and program leadership to gather content and clarify requirements. 

• Facilitate reviews, collect feedback, adjudicate comments, and incorporate approved changes into formal documentation. 

• Support communication between technical teams and non-technical stakeholders by converting technical details into plain-language summaries when appropriate. 

• Manage documentation inputs, version history, review cycles, and approval status in coordination with program governance processes. 

Knowledge Management & Training Support 

• Organize, maintain, and improve knowledge repositories, documentation libraries, SharePoint sites, wikis, document inventories, and related knowledge management resources. 

• Develop job aids, quick reference guides, checklists, and supporting materials for cyber training, onboarding, tabletop exercises, and operational readiness activities. 

• Ensure documentation is searchable, accessible, logically structured, and easy for cyber personnel to use during routine operations and high-priority response activities. 

• Coordinate with training personnel to keep instructional materials aligned with current procedures, tools, and operational practices. 

Quality Control & Continuous Improvement 

• Review documentation for clarity, grammar, formatting, consistency, technical accuracy, and adherence to templates, style guides, and program standards. 

• Maintain standardized document templates, formatting conventions, terminology, acronym lists, and documentation quality practices. 

• Support continuous improvement of documentation workflows, review processes, publishing procedures, and content management practices. 

• Stay current with cybersecurity terminology, operational practices, frameworks, and documentation best practices relevant to the program environment. 

• 3-5 years of experience in technical writing, cybersecurity documentation, IT documentation, communications, knowledge management, training support, or related roles. 
• Experience developing or maintaining technical documentation such as SOPs, runbooks, playbooks, user guides, reports, process documents, briefings, or knowledge articles. 
• Working knowledge of cybersecurity concepts, security operations, incident response, vulnerability management, risk management, compliance, or security engineering terminology. 
• Ability to gather information from technical subject matter experts and convert complex material into clear, organized, and audience-appropriate written products. 
• Strong editing, formatting, grammar, quality control, document organization, and version management skills. 
• Proficiency with common documentation and collaboration tools such as Microsoft Word, PowerPoint, Excel, SharePoint, Teams, Confluence, ticketing systems, or similar platforms. 
• Strong communication, collaboration, attention to detail, and time management skills.