Cybersecurity Threat Analyst – Incident Response & Threat Detection (Federal)
Posted 2025-08-23
Remote, USA
Full Time
Immediate Start
<b>Description</b><br><p>Dragonfli Group is a cybersecurity and IT consulting firm based in Washington, DC that provides expert services to federal agencies and large commercial enterprises. We partner with our clients to protect mission-critical systems, modernize IT operations, and strengthen their cybersecurity posture.</p><p>We are seeking a Cybersecurity Threat Analyst to support a large federal agency’s advanced security operations center. In this senior-level role, you will lead the detection, investigation, and resolution of complex cyber incidents while integrating cutting-edge AI/ML technologies into the security operations (SECOPS) environment to improve detection and response.</p><p>This role is ideal for an experienced incident responder with deep technical expertise and a proven track record in high-stakes, mission-driven environments. The position is fully remote, but preference is given to candidates located in the Mooresville, NC area who can support occasional on-site meetings or engagements.</p><p>Key Responsibilities</p><ul><li>Lead triage, analysis, and resolution of high-priority security incidents.</li><li>Perform cybersecurity analysis, incident response, and incident handling in alignment with federal security requirements.</li><li>Develop and implement AI/ML-driven automation use cases to improve SECOPS capabilities.</li><li>Monitor and analyze security alerts from Splunk, SentinelOne, Armis, and SNA, providing actionable recommendations for tuning and optimization.</li><li>Integrate AI/ML capabilities into SOAR platforms to improve detection, correlation, and response workflows.</li><li>Collaborate with SOC analysts, engineers, and leadership to improve detection rules, alerts, and response strategies.</li><li>Provide guidance and mentorship to junior analysts and incident response staff.</li><li>Document investigation findings, incident timelines, and lessons learned for continuous improvement.</li><li>Communicate technical findings clearly to both technical and non-technical stakeholders.</li></ul><br> <b>Requirements</b><br><p>Must-Have</p><ul><li><strong>Experience:</strong> Minimum <strong>7 years</strong> in cybersecurity operations, with at least 3 years in incident response and threat analysis at a senior or lead level.</li><li><strong>Incident Response Expertise:</strong> Proven work history as part of an incident response team handling complex security events.</li><li><strong>Technical Skills:</strong> See the Skill(s) section below.</li><li><strong>Certifications (Preferred):</strong> CISSP, CISM, CISA, GIAC, or RHCE</li><li><strong>Clearance:</strong> Ability to obtain and maintain a federal security clearance (Public Trust or higher)</li><li><strong>Work Location:</strong> Remote, with preference for candidates within commuting distance of Mooresville, NC</li><li><strong>Citizenship:</strong> U.S. citizens or lawful permanent residents only</li></ul><p>Preferred:</p><ul><li>Experience developing Risk-Based Alerting (RBA) rules and detection logic.</li><li>Ability to perform vulnerability assessments for newly disclosed CVEs and prioritize remediation.</li><li>Familiarity with endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), and cloud security tools.</li><li>Strong analytical skills to evaluate logs, telemetry, and forensic data.</li><li>Ability to craft custom detection signatures and test them for operational deployment.</li></ul><br> <b>Skill(s)</b><br><ul><li>Security tools: Splunk, SentinelOne, Armis, SNA (preferred)</li><li>SOAR platform experience (development, deployment, and integration)</li><li>AI/ML-based detection and response solutions</li><li>Network device configuration and traffic analysis</li><li>Security framework alignment: MITRE ATT&CK, NIST</li></ul><br> <b>Benefits</b><br><ul><li>Health, dental, and vision insurance</li><li>PTO and 11 Federal Holidays</li><li>401(k) employer match</li></ul><br> <b>Travel</b><br>None<br>