Threat Management Specialist (Tier 3)

Benefits: extra holidays
Work set-up: Full Remote
Contract: 
Experience: Senior (5-10 years)
Work from: United States

Offer summary

Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology, or related field.
  • 3+ years of experience in IT operations, incident response, malware analysis, or threat hunting.
  • Proficiency in malware analysis, reverse engineering, and network security.
  • Certifications such as GCIH, CEH, or GREM are preferred.

Key responsibilities:

  • Detect and analyze complex intrusion attempts and APT behaviors.
  • Conduct malware containment, remediation, and reverse engineering.
  • Perform packet analysis and create custom detection signatures.
  • Collaborate with teams to integrate AI/ML tools into security workflows.

Dragonfli Group TPE https://www.dragonfligroup.com/
11 - 50 Employees

Job description

Description

Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in advanced threat detection, incident response, malware analysis, and integrating Artificial Intelligence (AI) and Machine Learning (ML) into SOC operations. Our teams operate in diverse work environments—including onsite, hybrid, and fully remote—on contracts ranging from several months to multiple years.


We are seeking a Threat Management Specialist (Tier 3) to serve as a senior Cybersecurity Operations Center (CSOC) analyst, focusing on the detection, containment, and remediation of advanced persistent threats (APT) and other sophisticated adversary campaigns. The ideal candidate will have expertise in malware analysis, reverse engineering, and network intrusion investigations, with a proven ability to integrate AI/ML-driven detection capabilities into security workflows. This role operates Monday–Friday, 7:00 AM to 4:00 PM.


Key Responsibilities:

  • Detect and analyze complex intrusion attempts, including APT behaviors across multiple attack vectors.
  • Conduct malware containment, remediation, and reverse engineering to determine entry methods, attack intent, and potential impact.
  • Perform packet analysis and create custom monitoring policies and signatures in detection tools.
  • Investigate command-and-control (C2) communications, malicious attachments, and URLs.
  • Generate Indicators of Compromise (IOCs) and perform advanced threat hunting using Splunk Cloud/ES, SentinelOne Deep Visibility, and other platforms.
  • Manage and respond to security alerts across Microsoft Defender for Cloud Apps, Endpoint, Office 365, Azure Entra ID, and Google Cloud Security Command Center.
  • Utilize AI/ML-based tools for anomaly detection, triage automation, and enhanced threat intelligence.
  • Collaborate with data scientists and engineers to embed AI-driven detection into security infrastructure.
  • Work with law enforcement partners when necessary to hand off investigative findings.
  • Support SOC automation and orchestration through AI/ML and SOAR integration.

Requirements

Required Skills & Qualifications:

  • 3+ years in IT operations and 3+ years in incident response, malware analysis, or threat hunting.
  • Advanced knowledge of APT detection, mitigation, and adversary tradecraft.
  • Proficiency in static and live malware analysis, binary disassembly, and reverse engineering.
  • Strong understanding of TCP/IP, network security architecture, IDS/IPS signatures, and anomaly detection.
  • Hands-on experience with SentinelOne, Splunk ES/SOAR, ServiceNow IR, ProofPoint, Sourcefire, AWS, Azure, Okta, and O365.
  • Familiarity with DMARC, DKIM, SPF, and cloud security integrations (Azure/O365/Google Cloud).
  • Experience investigating targeted intrusions through complex network environments.
  • Proficiency in developing automation and AI/ML use cases in a SOC context.
  • Bachelor’s degree in Computer Science, Information Technology, or related field.
  • Certifications such as GCIH, CEH, ECIH, GREM (or equivalent) preferred.

Schedule: Monday – Friday, 7:00 AM to 4:00 PM


Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English

Other Skills

  • Collaboration
  • Problem Solving
