Threat Management Specialist (Remote)

Dragonfli Group, Washington, DC
Remote

About The Position

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

This contract Threat Management Specialist role supports a large federal agency's Cybersecurity Operations team, protecting critical systems and data within a large-scale IT environment. The specialist will perform deep-dive incident analysis, handle incidents as defined in Playbooks and SOPs, and advise on remediation actions. Key tools and technologies include AI/ML-based tools, SOAR capabilities, ProofPoint, Splunk, FirePower, Sentinel 1, Microsoft Defender, Azure Entra ID, and Google Cloud Security Command Center. The role requires seasoned IT security expertise, hands-on technical skills, and strong communication and planning abilities. It's a high-impact opportunity to shape identity and access security within a major federal agency.

Although this is a fully REMOTE role, the role supports two fixed shift schedules. Candidates must be willing and able to work one of the following schedules on a consistent basis:

  • Schedule Option 1 – Evening Shift. Hours: 3:30 PM – 11:30 PM (EST time zone). Regular days off: Tuesday and Wednesday.
  • Schedule Option 2 – Overnight Shift. Hours: 11:30 PM – 7:30 AM (EST time zone). Regular days off: Saturday and Sunday.

Both schedules provide 24/7 operational coverage in support of the agency's Cybersecurity Operations mission. Shift assignment is determined based on program needs and candidate availability at time of hire.

This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Requirements

  • 3+ years IT security experience with exposure to AI/ML projects.
  • 2+ years' experience in network traffic analysis.
  • Strong working knowledge of Boolean Logic, TCP/IP Fundamentals, and Threat Management.
  • Knowledge of Control Frameworks and Risk Management techniques.
  • Excellent oral and written communication skills.
  • Strong understanding of IDS/IPS technologies and methodologies.
  • Experience with cloud security (AWS, Azure, GCP).
  • Hands-on experience with cybersecurity automation (e.g., SOAR platforms).
  • Proficiency in using machine learning frameworks for anomaly detection.
  • Familiarity with AI/ML techniques in cybersecurity.
  • Ability to preprocess and transform large datasets for machine learning models.
  • Experience in automated threat detection and incident response automation.
  • Strong analytical and problem-solving skills.
  • Ability to work collaboratively in a team environment.
  • Strong organizational and time-management skills.
  • Ability to stay current with cybersecurity trends and technologies.
  • Excellent interpersonal skills for effective communication.
  • Ability to evaluate the effectiveness of AI/ML solutions in a SOC environment.

Nice To Haves

  • Candidates with previous federal contracting experience are preferred.

Responsibilities

  • Perform deep-dive incident analysis by correlating data from various sources.
  • Handle incidents as defined in Playbooks and SOPs.
  • Advise on remediation actions and provide input on leveraging AI/ML and SOAR capabilities.
  • Identify cybersecurity problems requiring mitigating controls.
  • Analyze network traffic to identify exploit or intrusion attempts.
  • Recommend detection mechanisms for exploit or intrusion attempts.
  • Provide expertise on network-based attacks and intrusion methodologies.
  • Escalate items requiring further investigation.
  • Utilize AI/ML-based tools to detect anomalies and automate incident triage.
  • Manage email security using ProofPoint and respond to threats.
  • Configure Splunk for log analysis and investigate security incidents.
  • Set up FirePower for network monitoring and enforce security measures.
  • Deploy Sentinel 1 agents and conduct security assessments.
  • Monitor and respond to security alerts across multiple platforms.
  • Perform threat detection and analysis, and implement remediation actions.
  • Tune security policies and support continuous improvement of security posture.
  • Stay current on cybersecurity trends and AI/ML research.
  • Identify and support automation use cases to enhance SOC capabilities.
  • Collaborate across Operations to provide SOC enhancement capabilities.

Benefits

  • Insurance – health, dental, and vision
  • Paid Time Off (PTO) and 11 Federal Holidays
  • 401(k) employer match