Cybersecurity Threat Analyst – Incident Response & Threat Detection (Federal)

Dragonfli Group

Hybrid

Washington, DC, US

Full Time

Description

Dragonfli Group is a cybersecurity and IT consulting firm based in Washington, DC that provides expert services to federal agencies and large commercial enterprises. We partner with our clients to protect mission-critical systems, modernize IT operations, and strengthen their cybersecurity posture.


We are seeking a Cybersecurity Threat Analyst to support a large federal agency’s advanced security operations center. In this senior-level role, you will lead the detection, investigation, and resolution of complex cyber incidents, while integrating cutting-edge AI/ML technologies into the security operations (SECOPS) environment to enhance detection and response.


This role is ideal for an experienced incident responder with deep technical expertise and a proven track record in high-stakes, mission-driven environments. While the position is fully remote, preference is given to candidates located in the Mooresville, NC area to support occasional on-site meetings or engagements.


Key Responsibilities

  • Lead triage, analysis, and resolution of high-priority security incidents.
  • Perform cybersecurity analysis, incident response, and incident handling in alignment with federal security requirements.
  • Develop and implement AI/ML-driven automation use cases to improve SECOPS capabilities.
  • Monitor and analyze security alerts from Splunk, SentinelOne, Armis, and SNA, providing actionable recommendations for tuning and optimization.
  • Integrate AI/ML capabilities into SOAR platforms to improve detection, correlation, and response workflows.
  • Collaborate with SOC analysts, engineers, and leadership to improve detection rules, alerts, and response strategies.
  • Provide guidance and mentorship to junior analysts and incident response staff.
  • Document investigation findings, incident timelines, and lessons learned for continuous improvement.
  • Communicate technical findings clearly to both technical and non-technical stakeholders.

Requirements

Must-Have

  • Experience: Minimum 7 years in cybersecurity operations, with at least 3 years in incident response and threat analysis at a senior or lead level.
  • Incident Response Expertise: Proven work history as part of an incident response team handling complex security events.
  • Technical Skills:
  • Certifications (Preferred): CISSP, CISM, CISA, GIAC, or RHCE
  • Clearance: Ability to obtain and maintain a federal security clearance (Public Trust or higher)
  • Work Location: Remote, with preference for candidates within commuting distance of Mooresville, NC
  • Citizenship: U.S. citizens or lawful permanent residents only

Preferred

  • Experience developing Risk-Based Alerting (RBA) rules and detection logic.
  • Ability to perform vulnerability assessments for newly disclosed CVEs and prioritize remediation.
  • Familiarity with endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), and cloud security tools.
  • Strong analytical skills to evaluate logs, telemetry, and forensic data.
  • Ability to craft custom detection signatures and test them for operational deployment.

Skill(s)

  • Security tools: Splunk, SentinelOne, Armis, SNA (preferred)
  • SOAR platform experience (development, deployment, and integration)
  • AI/ML-based detection and response solutions
  • Network device configuration and traffic analysis
  • Security framework alignment: MITRE ATT&CK, NIST


Benefits

  • Health, dental, and vision insurance
  • PTO and 11 Federal Holidays
  • 401(k) employer match

Travel

None

August 15, 2025