Cybersecurity Threat Analyst – Incident Response & Threat Detection (Federal)

Work set-up: 
Full Remote
Contract: 
Experience: 
Senior (5-10 years)
Work from: 
United States

Offer summary

Qualifications:

  • Minimum 7+ years in cybersecurity operations, with at least 3 years in incident response and threat analysis.
  • Deep technical expertise in handling complex security incidents.
  • Relevant certifications such as CISSP, CISM, CISA, GIAC, or RHCE are preferred.
  • Ability to obtain and maintain a federal security clearance.

Key responsibilities:

  • Lead triage, analysis, and resolution of high-priority security incidents.
  • Develop and implement AI/ML-driven automation to enhance security operations.
  • Monitor and analyze security alerts from various tools, providing actionable recommendations.
  • Collaborate with team members to improve detection rules, alerts, and response strategies.

Dragonfli Group TPE https://www.dragonfligroup.com/
11 - 50 Employees

Job description

Description

Dragonfli Group is a cybersecurity and IT consulting firm based out of Washington, DC that provides expert services to federal agencies and large commercial enterprises. We partner with our clients to protect mission-critical systems, modernize IT operations, and strengthen their cybersecurity posture.


We are seeking a Cybersecurity Threat Analyst to support a large federal agency's advanced security operations center. In this senior-level role, you will lead the detection, investigation, and resolution of complex cyber incidents, while integrating cutting-edge AI/ML technologies into the security operations (SECOPS) environment to enhance detection and response.


This role is ideal for an experienced incident responder with deep technical expertise and a proven track record in high-stakes, mission-driven environments. While the position is fully remote, preference is given to candidates located in the Mooresville, NC area to support occasional on-site meetings or engagements.


Key Responsibilities

  • Lead triage, analysis, and resolution of high-priority security incidents.
  • Perform cybersecurity analysis, incident response, and incident handling in alignment with federal security requirements.
  • Develop and implement AI/ML-driven automation use cases to improve SECOPS capabilities.
  • Monitor and analyze security alerts from Splunk, SentinelOne, Armis, and SNA, providing actionable recommendations for tuning and optimization.
  • Integrate AI/ML capabilities into SOAR platforms to improve detection, correlation, and response workflows.
  • Collaborate with SOC analysts, engineers, and leadership to improve detection rules, alerts, and response strategies.
  • Provide guidance and mentorship to junior analysts and incident response staff.
  • Document investigation findings, incident timelines, and lessons learned for continuous improvement.
  • Communicate technical findings clearly to both technical and non-technical stakeholders.

Requirements

Must-Have

  • Experience: Minimum 7+ years in cybersecurity operations, with at least 3 years in incident response and threat analysis at a senior or lead level.
  • Incident Response Expertise: Proven work history as part of an incident response team handling complex security events.
  • Technical Skills:
  • Certifications (Preferred): CISSP, CISM, CISA, GIAC, or RHCE
  • Clearance: Ability to obtain and maintain a federal security clearance (Public Trust or higher)
  • Work Location: Remote, with preference for candidates within commuting distance of Mooresville, NC
  • Citizenship: U.S. citizens or lawful permanent residents only

Preferred

  • Experience developing Risk-Based Alerting (RBA) rules and detection logic.
  • Ability to perform vulnerability assessments for newly disclosed CVEs and prioritize remediation.
  • Familiarity with endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), and cloud security tools.
  • Strong analytical skills to evaluate logs, telemetry, and forensic data.
  • Ability to craft custom detection signatures and test them for operational deployment.

Skill(s)

  • Security tools: Splunk, SentinelOne, Armis, SNA (preferred)
  • SOAR platform experience (development, deployment, and integration)
  • AI/ML-based detection and response solutions
  • Network device configuration and traffic analysis
  • Security framework alignment: MITRE ATT&CK, NIST

Benefits

  • Health, dental, and vision insurance
  • PTO and 11 Federal Holidays
  • 401(k) employer match

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English

Other Skills

  • Mentorship
  • Communication
  • Analytical Skills
