SBA Cyber Defense Analyst Lead

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Cyber Defense Analyst Lead Job Description

Position Title: Cyber Defense Analyst - Lead
Program: SBA Enterprise Cybersecurity Services (ECS)

Position Summary

The Cyber Defense Analyst Senior serves as a senior-level cybersecurity operations and incident response professional supporting the SBA Enterprise Cybersecurity Services (ECS) program.
The position provides advanced technical expertise in cybersecurity monitoring, incident response, cyber defense analysis, threat hunting, malware analysis, forensic investigation, vulnerability assessment coordination, and operational reporting. The Cyber Defense Analyst Senior works collaboratively with SOC analysts, engineers, system administrators, ISSOs, cloud teams, and Government stakeholders to protect enterprise systems and respond to cybersecurity threats across hybrid and cloud-based environments.

Essential Duties and Responsibilities

  • Perform advanced cyber defense and incident response activities supporting enterprise SOC operations.
  • Support incident response activities identified under RFQ Task Area 3.5.3.3.
  • Analyze cybersecurity alerts, network traffic, endpoint activity, system logs, and indicators of compromise (IOC).
  • Conduct advanced triage, investigation, containment, eradication, and recovery activities for cybersecurity incidents.
  • Provide technical support for 24x7x365 cybersecurity monitoring and cyber defense operations.
  • Perform cyber threat hunting activities across enterprise networks, cloud environments, and endpoint platforms.
  • Support forensic investigations, malware analysis, root cause analysis, and evidence collection activities.
  • Correlate threat intelligence information with security events and operational indicators.
  • Monitor and operate cybersecurity tools including SIEM, EDR, IDS/IPS, vulnerability scanners, and security analytics platforms.
  • Support development and refinement of incident response procedures, playbooks, and standard operating procedures.
  • Provide operational analysis and recommendations regarding emerging threats, attack trends, and cybersecurity risks.
  • Coordinate cybersecurity incident response activities with internal teams, federal stakeholders, and external partners.
  • Support vulnerability management activities including remediation coordination, validation testing, and risk analysis.
  • Assist with operational reporting, cybersecurity metrics, dashboards, and executive briefings.
  • Document cybersecurity incidents, investigative findings, response actions, and lessons learned.
  • Support cloud security monitoring activities within Azure, AWS, Microsoft 365, and hybrid enterprise environments.
  • Ensure incident response and cyber defense activities align with NIST SP 800-61, NIST SP 800-53, CISA guidance, and FISMA requirements.
  • Provide mentorship and technical guidance to junior analysts and SOC personnel.
  • Participate in cybersecurity exercises, operational readiness activities, and continuous improvement initiatives.
  • Support coordination activities with law enforcement, OIG, privacy, and legal teams as required.

Minimum Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or related technical discipline. Additional relevant experience may substitute for degree requirements.
  • Minimum of 8 years of cybersecurity operations, cyber defense, SOC analysis, or incident response experience.
  • Minimum of 5 years supporting federal cybersecurity operations or incident response activities.
  • Hands-on experience with SIEM, EDR, IDS/IPS, network security monitoring, threat intelligence, and forensic analysis tools.
  • Experience conducting incident triage, malware analysis, root cause analysis, and cyber threat hunting activities.
  • Experience supporting cloud security operations across AWS, Azure, Microsoft 365, or hybrid enterprise environments.
  • Strong knowledge of federal cybersecurity standards and frameworks including FISMA, NIST RMF, NIST SP 800-53 Rev. 5, and NIST SP 800-61.
  • Experience analyzing security events, attack vectors, indicators of compromise, and adversarial tactics and techniques.
  • Strong analytical, communication, documentation, and problem-solving skills.
  • Ability to work effectively in high-tempo operational environments supporting 24x7 cybersecurity operations.

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • CompTIA CySA+
  • Certified Ethical Hacker (CEH)
  • CompTIA Security+
  • Splunk Certified Power User or SIEM-related certification
  • AWS or Microsoft Azure Security Certifications

Required Experience:

Senior IC

About Company

Our exclusive ATO as a Service™ software & expert services automate FISMA, RMF & FedRAMP compliance.
