Cybersecurity Analyst (CDAP) Lead - Senior

About The Position

Requirements

• U.S. Citizenship is required
• Security Clearance: Secret Eligible
• Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+
• 7+ years of experience in cybersecurity
• Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
• Experience leading or overseeing cybersecurity monitoring, detection, correlation, and reporting activities across enterprise security data sources.
• Experience developing or refining analytic rules, dashboards, and data quality processes used to improve threat visibility and operational reporting.
• Experience coordinating with SOC, cyber threat intelligence, defensive cyber, or security engineering teams to improve detection logic and triage outcomes.
• Experience producing operational metrics and executive reporting for Government stakeholders in support of continuous monitoring or cyber operations.
• Knowledge of RMF support activities and the use of cybersecurity outputs to inform continuous monitoring objectives and compliance reporting.
• Experience working with enterprise security analytics and monitoring capabilities such as SIEM, EDR, IDS/IPS, DLP, or related telemetry sources in DoDIN-connected environments.

Responsibilities

• Lead CDAP analytic operations by directing monitoring, detection, correlation, and reporting activities across enterprise security data sources supporting Task 3 cybersecurity operations deliverables.
• Oversee alert triage quality and analytic workflow execution to improve identification, prioritization, and escalation of high-risk cyber findings across DoDIN-connected environments.
• Develop, refine, and govern analytic rules, dashboards, and data validation processes to improve threat visibility, reporting accuracy, and operational decision support.
• Coordinate with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to strengthen detection logic, analytic coverage, and response visibility.
• Leverage enterprise security telemetry and analytics aligned with the ENOCS environment, including USIEM, EDR, IDS/IPS, DLP, Zeek metadata, and Sysmon-informed monitoring, to support centralized visibility and threat-informed detection.
• Support continuous monitoring and RMF objectives by ensuring CDAP outputs align with eMASS artifact needs, compliance reporting, and ARNG and DoD cybersecurity policy expectations.
• Produce operational metrics, dashboards, and executive-level reporting for Government stakeholders to communicate analytic performance, cyber risk trends, and detection outcomes.
• Coordinate analytic support activities with organizations and operational partners identified in Task 3, including RCC-ARNG, NETCOM, ARCYBER, USCYBERCOM, the NETCOM Global Cyber Center, and DISA DCDC, as appropriate.
• Improve analytic coverage for ARNG classified and unclassified environments by validating data sources, identifying gaps in visibility, and recommending enhancements to monitoring and reporting processes.