Jr. Cyber Defense Analyst/Threat Hunter

Space Ground System Solutions
Welcome, SC
Onsite

About The Position

Space Ground System Solutions (SGSS), a Parsons company, is hiring a junior Cyber Defense Analyst/Threat Hunter, working full-time and onsite at our customer location in Welcome, MD. This position will be a part of mission-focused teams supporting the Naval Research Laboratory (NRL) and work alongside Site Reliability Engineers (SREs), network engineers, and software developers to implement and operate a defensive cyber monitoring and response environment that spans both on-prem and AWS GovCloud infrastructure.

Requirements

  • Must be a US Citizen
  • Must meet eligibility requirements associated with obtaining an active DoD SECRET clearance
  • S. in Cybersecurity, Computer Science, Information Systems, or a closely related field, from an accredited university and at least one (1) year of professional experience
  • 1–5 years of professional experience in cybersecurity, SOC operations, or network/system administration
  • Familiarity with SIEM tools (Splunk, Elastic, OpenSearch, or similar)
  • Understanding of network and endpoint security fundamentals - TCP/IP, firewalls, logs, intrusion detection, and common attack vectors
  • Experience with Linux and Windows log analysis, event correlation, and alert tuning
  • Basic proficiency with scripting or automation languages (Python, PowerShell, or Bash)
  • Strong analytical, investigative, and documentation skills - able to produce clear incident reports and threat summaries
  • Excellent communication skills and willingness to collaborate across infrastructure, operations, and development teams

Nice To Haves

  • Certifications such as Security+, CySA+, CEH, Splunk Certified User/Power User, AWS Security Specialty, or GCIA/GCDA/GCFE
  • Experience developing custom detections and enrichment pipelines
  • Familiarity with Zero Trust and enclave network architectures (CNAP, SNE)
  • Understanding of incident handling procedures and escalation workflows
  • Experience in threat intelligence analysis and mapping IOCs to ATT&CK techniques
  • Exposure to machine learning or data-driven anomaly detection approaches
  • Experience writing operational runbooks or playbooks for SOC or NOC environments

Responsibilities

  • Operate and enhance defensive cyber monitoring systems across hybrid networks (on-prem, AWS GovCloud, and remote sites)
  • Perform real-time and retrospective threat analysis using SIEM, SOAR, and log analytics platforms (Splunk, Elastic, OpenSearch, or similar)
  • Correlate events across diverse telemetry sources - host, network, application, and identity data - to detect anomalies and potential intrusions
  • Develop detection content, dashboards, and visualizations to improve situational awareness and incident triage
  • Conduct threat hunting and adversary emulation activities aligned to MITRE ATT&CK and D3FEND frameworks
  • Support incident response and forensics, collecting and analyzing indicators of compromise (IOCs) and developing post-incident reports
  • Collaborate with SRE and DevOps teams to integrate monitoring hooks, improve observability, and ensure logging/telemetry pipelines are complete and reliable
  • Automate common analysis and detection workflows using Python, PowerShell, or Go
  • Develop playbooks and response automation using SOAR tooling or custom scripts to reduce mean time to respond (MTTR)
  • Participate in red/blue/purple team exercises and contribute to the continuous improvement of defensive posture across CNAP/SNE environments
  • Support compliance and auditing activities, ensuring monitoring, alerting, and response workflows meet DoD cybersecurity requirements (RMF, STIGs, etc.)

Benefits

  • Medical/Dental/Vision/Group Life/STD/LTD - no employee premiums
  • SGSS funded HSA (Health Savings Account) provided with SGSS funding the maximum amount allowed by the IRS
  • Retirement Savings Plan (RSP/401k) with a 20% annual company contribution - no employee contribution required