DoW Cloud CND/DCO Engineer

Tetrad Digital Integrity (TDI)

Posted today
Secret
Senior Level Career (10+ yrs experience)
Unspecified
IT - Security
Arlington, VA (On-Site/Office)

Tetrad Digital Integrity (TDI) is hiring an exceptional DoW Cloud CND / DCO (Computer Network Defense / Defensive Cyber Operations) Engineer to support defensive cyber operations for a mission-critical, cloud-hosted defense system that will be treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest. This is not a “watch-the-console” role. We need a team player and a mission-focused, decisive operator who can execute under pressure, coordinate cleanly with the CSSP, and continuously improve detection and response outcomes without hand-holding.

KEY RESPONSIBILITIES / WHAT YOU’LL DO
• Comply with the appropriate currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.

• Coordinate with the CSSP to support near-real-time monitoring and analysis of insider and external threats during core business hours using security tools (e.g., SIEM, endpoint/EDR, firewall/network logs, cloud-native logging), dashboards/alerts, and custom-developed scripts.

• Support CSSP alerting workflows by triaging events, enriching context, escalating appropriately, and helping prioritize remediation using reliable threat intelligence.

• Perform continuous monitoring (ConMon) activities including audit review, attack sensing and warning, intrusion/malware detection support, and recurring control-health checks aligned to program needs.

• Support and execute cyber incident response actions in coordination with the Government lead, including initial triage, evidence capture, containment recommendations, and recovery support.

• Coordinate response and recovery actions with external agencies/providers as needed (e.g., CSSP, CCMDs, platform providers) while ensuring actions are performed IAW applicable policies and instructions.

• Provide CNAP monitoring support as applicable (network monitoring, intrusion detection monitoring, authentication monitoring).

• Conduct intrusion research and vulnerability research to inform detection priorities, hardening actions, and risk-based remediation recommendations.

• Coordinate and deconflict activities for CSSP responses and red team responses; ensure findings translate into actionable improvements and trackable outcomes.

• Develop and maintain scripts, queries, and repeatable workflows (including responsible AI-enabled methods where appropriate) to automate labor-intensive monitoring, enrichment, evidence capture, and reporting tasks.

• Communicate clearly and concisely: produce incident summaries, technical findings, and stakeholder-ready updates with minimal editing in a high-tempo environment.

REQUIRED
• Active DoD Secret or Top Secret clearance.
• Role-required security certification, such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
• Demonstrated experience in CND/DCO operations (detection, triage, incident handling) supporting enterprise or mission environments.
• Cloud SecOps depth (GCP strongly preferred; AWS/Azure acceptable), including logging architecture, identity telemetry, and SIEM integration.
• Experience working with a CSSP (or SOC/CNDSP-equivalent) and operating within defined escalation, reporting, and coordination processes.
• Working proficiency with SIEM tooling, endpoint/EDR, firewall/network telemetry, identity/authentication logs, and cloud logging pipelines.
• Practical incident response capability: evidence handling, containment guidance, recovery support, and post-incident improvement.
• Strong writing and briefing skills: able to deliver precise, customer-ready outputs with minimal oversight.
• Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce toil and improve speed/quality.
• Comfort operating in a high-change environment with competing priorities, time-sensitive events, and frequent stakeholder engagement.
• Cloud certification (e.g., CCSP or cloud provider security / professional certs such as Google’s Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer).

If you prefer predictable scope, low stakeholder interaction, or a “monitor and escalate only” posture, this will not be a fit. If you are a hands-on defender who can triage decisively, coordinate cleanly with a CSSP, automate away toil, and drive measurable detection/response improvements under pressure, we want to talk!