Cyber Security Specialist

Peraton
$80,000 - $128,000
Remote

About The Position

We are seeking a highly motivated and experienced Cyber Security Specialist to support swing and night shift operations within our 100% remote 24/7/365 Security Operations Center (SOC). You will monitor, analyze, investigate, and respond to threats across hybrid cloud and on-prem environments. This role is ideal for analysts with a strong investigative mindset, technical depth, and a passion for continuous learning.

Requirements

  • 5 years with a Bachelor's degree or 9 years with a HS diploma/equivalent
  • Familiarity with compliance and audit frameworks: NIST CSF, 800-53, OMB M-21-31, CIS Benchmarks, STIGs
  • Knowledge of vulnerability scanning tools (e.g., Tenable Nessus) and CVE exposure analysis
  • Experience collaborating with cyber threat intelligence and/or red teams
  • Experience in digital forensics, malware analysis, or purple team operations
  • Experience with Case Management System (e.g., ServiceNow)
  • Experience with SIEM (e.g., Splunk)
  • Experience using SOAR platforms for alert triage and response automation
  • Solid understanding of Windows and Linux operating system internals and log analysis
  • Strong grasp of network protocols, TCP/IP, and common attack vectors
  • Familiarity with scripting (e.g., PowerShell, Python, Bash) and automation workflows
  • Experience with threat hunting, IOC analysis, or MITRE ATT&CK-based detection
  • Understanding of identity and access management (IAM) risks in cloud environments
  • Experience improving SOC processes, detection logic, architecture, or playbooks
  • Ability to communicate findings clearly—verbally and in writing—to technical and non-technical audiences
  • Must be a U.S. Citizen
  • Must be able to obtain and maintain the required agency clearance

Nice To Haves

  • Active Public Trust

Responsibilities

  • Perform advanced EDR analysis, including alert triage, threat detection, behavioral rule tuning, IOC investigation, and endpoint telemetry enrichment.
  • Support EDR platform administration by managing agent health and deployment, maintaining integration with SIEM and other telemetry pipelines, coordinating policy updates, and partnering with SysAdmins to troubleshoot endpoint and infrastructure-level issues affecting EDR visibility.
  • Conduct digital forensics during incident response by acquiring, preserving, and analyzing endpoint artifacts (e.g., memory, disk, registry, logs); assist with root cause analysis and ensure forensic evidence is handled in accordance with legal and procedural requirements.
  • Provide engineering-focused support on SOC architecture improvements to increase visibility, data fidelity, and detection capabilities across hybrid environments.
  • Perform threat detection, log analysis, and anomaly identification across on-premises and cloud workloads (AWS preferred).
  • Conduct initial incident response and assist with investigations into malware, phishing, lateral movement, privilege misuse, and data exfiltration.
  • Apply threat intelligence to enrich alerts and uncover TTPs using the MITRE ATT&CK framework.
  • Document investigative steps and evidence in the case management system and escalate incidents per SOPs.
  • Participate in threat hunting missions based on hypotheses, intel feeds, and environmental knowledge.
  • Collaborate with engineering, system administrators, and cyber stakeholders to contain and remediate threats.
  • Support compliance efforts by ensuring audit trails, access logs, and investigative artifacts are collected and preserved.
  • Stay current with emerging threats, vulnerabilities, and TTPs targeting cloud and hybrid infrastructures.
  • Maintain situational awareness through active monitoring of CTI sources, advisories, and vulnerability disclosures.
  • Provide summary reports and handoff briefings at the end of each shift.

Benefits

  • overtime
  • shift differential
  • discretionary bonus