SBA - Cyber Defense Analyst - Lead

 Posted a month ago
10+ years experience

Lead advanced cyber defense and incident response activities to protect enterprise systems across hybrid and cloud environments. This includes monitoring security alerts, conducting threat hunting, and coordinating remediation efforts with federal stakeholders.

Cyber Defense Analyst – Lead Job Description

Position Title: Cyber Defense Analyst - Lead
Program: SBA – Enterprise Cybersecurity Services (ECS)

Position Summary

The Cyber Defense Analyst – Senior serves as a senior-level cybersecurity operations and incident response professional supporting the SBA Enterprise Cybersecurity Services (ECS) program. The position provides advanced technical expertise in cybersecurity monitoring, incident response, cyber defense analysis, threat hunting, malware analysis, forensic investigation, vulnerability assessment coordination, and operational reporting. The Cyber Defense Analyst – Senior works collaboratively with SOC analysts, engineers, system administrators, ISSOs, cloud teams, and Government stakeholders to protect enterprise systems and respond to cybersecurity threats across hybrid and cloud-based environments.

Essential Duties and Responsibilities

  • Perform advanced cyber defense and incident response activities supporting enterprise SOC operations.
  • Support incident response activities identified under RFQ Task Area 3.5.3.3.
  • Analyze cybersecurity alerts, network traffic, endpoint activity, system logs, and indicators of compromise (IOC).
  • Conduct advanced triage, investigation, containment, eradication, and recovery activities for cybersecurity incidents.
  • Provide technical support for 24x7x365 cybersecurity monitoring and cyber defense operations.
  • Perform cyber threat hunting activities across enterprise networks, cloud environments, and endpoint platforms.
  • Support forensic investigations, malware analysis, root cause analysis, and evidence collection activities.
  • Correlate threat intelligence information with security events and operational indicators.
  • Monitor and operate cybersecurity tools including SIEM, EDR, IDS/IPS, vulnerability scanners, and security analytics platforms.
  • Support development and refinement of incident response procedures, playbooks, and standard operating procedures.
  • Provide operational analysis and recommendations regarding emerging threats, attack trends, and cybersecurity risks.
  • Coordinate cybersecurity incident response activities with internal teams, federal stakeholders, and external partners.
  • Support vulnerability management activities including remediation coordination, validation testing, and risk analysis.
  • Assist with operational reporting, cybersecurity metrics, dashboards, and executive briefings.
  • Document cybersecurity incidents, investigative findings, response actions, and lessons learned.
  • Support cloud security monitoring activities within Azure, AWS, Microsoft 365, and hybrid enterprise environments.
  • Ensure incident response and cyber defense activities align with NIST SP 800-61, NIST SP 800-53, CISA guidance, and FISMA requirements.
  • Provide mentorship and technical guidance to junior analysts and SOC personnel.
  • Participate in cybersecurity exercises, operational readiness activities, and continuous improvement initiatives.
  • Support coordination activities with law enforcement, OIG, privacy, and legal teams as required.

Minimum Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or related technical discipline. Additional relevant experience may substitute for degree requirements.
  • Minimum of 8 years of cybersecurity operations, cyber defense, SOC analysis, or incident response experience.
  • Minimum of 5 years supporting federal cybersecurity operations or incident response activities.
  • Hands-on experience with SIEM, EDR, IDS/IPS, network security monitoring, threat intelligence, and forensic analysis tools.
  • Experience conducting incident triage, malware analysis, root cause analysis, and cyber threat hunting activities.
  • Experience supporting cloud security operations across AWS, Azure, Microsoft 365, or hybrid enterprise environments.
  • Strong knowledge of federal cybersecurity standards and frameworks including FISMA, NIST RMF, NIST SP 800-53 Rev. 5, and NIST SP 800-61.
  • Experience analyzing security events, attack vectors, indicators of compromise, and adversarial tactics and techniques.
  • Strong analytical, communication, documentation, and problem-solving skills.
  • Ability to work effectively in high-tempo operational environments supporting 24x7 cybersecurity operations.

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • CompTIA CySA+
  • Certified Ethical Hacker (CEH)
  • CompTIA Security+
  • Splunk Certified Power User or SIEM-related certification
  • AWS or Microsoft Azure Security Certifications
