Job Requirements
Washington, DC
Public Trust Full Scope Polygraph
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Cyber Defense Analysts - Senior to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Senior Cyber Defense Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is a skilled cybersecurity professional with a strong background in cyber defense operations, advanced threat analysis, and incident response within a federal government environment. This individual will play a critical role in protecting SBA's systems, networks, and data by performing advanced security monitoring, conducting in-depth threat analysis, and leading incident response activities in alignment with federal cybersecurity policies and SBA security requirements.
The Senior Cyber Defense Analyst will serve as a senior-level cybersecurity operations professional responsible for performing advanced monitoring, detection, analysis, and response to cybersecurity threats targeting SBA's enterprise IT environment. This individual will bring deep technical expertise and operational experience to the SOC team, taking ownership of complex security investigations, leading incident response activities, and contributing to the continuous improvement of SBA's cyber defense capabilities.
Principal responsibilities will include but are not limited to:
Education and Experience:
Required:
Desired:
Required Skills and Competencies:
Desired Skills and Competencies:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Senior Cyber Defense Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is a skilled cybersecurity professional with a strong background in cyber defense operations, advanced threat analysis, and incident response within a federal government environment. This individual will play a critical role in protecting SBA's systems, networks, and data by performing advanced security monitoring, conducting in-depth threat analysis, and leading incident response activities in alignment with federal cybersecurity policies and SBA security requirements.
The Senior Cyber Defense Analyst will serve as a senior-level cybersecurity operations professional responsible for performing advanced monitoring, detection, analysis, and response to cybersecurity threats targeting SBA's enterprise IT environment. This individual will bring deep technical expertise and operational experience to the SOC team, taking ownership of complex security investigations, leading incident response activities, and contributing to the continuous improvement of SBA's cyber defense capabilities.
Principal responsibilities will include but are not limited to:
- Perform advanced, continuous monitoring of SBA networks, systems, endpoints, and cloud environments using SIEM platforms, IDS/IPS tools, EDR solutions, and other security technologies to detect, identify, and respond to potential threats, anomalies, and indicators of compromise targeting SBA's enterprise IT environment.
- Conduct advanced analysis and in-depth triage of security events, alerts, and incidents, determining the validity, scope, severity, and potential impact of identified threats, and escalating confirmed or suspected incidents to the Cybersecurity Operations Technical Lead in accordance with established SBA incident response procedures and SLAs.
- Lead and coordinate incident response activities for significant and complex cybersecurity incidents, including containment, eradication, recovery, and post-incident review, in strict accordance with SBA's incident response policies, NIST SP 800-61 guidelines, and applicable federal requirements.
- Perform advanced threat hunting activities, proactively searching SBA's enterprise environment for indicators of compromise (IOCs), hidden adversary activity, and sophisticated threats that have evaded automated detection, leveraging the MITRE ATT&CK framework, threat intelligence, and advanced analytical techniques.
- Conduct detailed analysis of network traffic, system logs, endpoint telemetry, and other relevant data sources to reconstruct attack timelines, characterize adversary TTPs, identify root causes, and determine the full scope and impact of security incidents affecting SBA systems and data.
- Develop and recommend enhancements to SIEM detection rules, correlation logic, behavioral analytics, and alerting thresholds based on threat hunting findings, incident analysis results, and emerging threat intelligence, working with the Technical Lead to implement approved improvements.
- Analyze and operationalize threat intelligence from government and commercial sources, including US-CERT, CISA, ISACs, and commercial threat intelligence platforms, applying intelligence to ongoing monitoring, incident investigations, and threat hunting activities to enhance SBA's cyber defense posture.
- Prepare detailed, high-quality incident reports, after-action reviews (AARs), and technical documentation for significant security incidents, capturing incident timelines, root cause analysis, evidence, response actions, and actionable recommendations for SBA leadership and stakeholders.
- Collaborate with SBA IT teams, system owners, the Cybersecurity Architect, and other stakeholders to communicate security findings, coordinate remediation activities, and provide expert technical guidance on the resolution of identified vulnerabilities and security gaps.
- Support and contribute to the development and maintenance of SOC Standard Operating Procedures (SOPs), incident response playbooks, and runbooks, ensuring documentation reflects current threats, operational procedures, and lessons learned from past incidents.
- Provide mentorship and technical guidance to mid-level and junior SOC analysts, contributing to their professional development and the continuous improvement of the SOC team's overall analytical capabilities and operational effectiveness.
- Support vulnerability management activities by providing advanced analysis of vulnerability scan results, assessing the exploitability and real-world risk of identified vulnerabilities in the context of SBA's threat landscape, and advising on remediation prioritization strategies.
- Participate in tabletop exercises, red team/blue team activities, and purple team engagements, contributing senior-level analytical expertise to validate and strengthen SBA's detection and response capabilities against realistic attack scenarios.
- Monitor and analyze changes to the federal cybersecurity policy landscape, emerging threat trends, and new vulnerability disclosures, applying new knowledge to continuously improve SBA's cyber defense monitoring and response capabilities.
- Ensure all cyber defense activities comply with applicable federal cybersecurity frameworks, policies, and regulations, including NIST, FISMA, and DHS/CISA directives and guidance.
Education and Experience:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
- 6+ years of progressive experience in cybersecurity operations, threat analysis, or cyber defense, with at least 2 years performing senior analyst functions within a SOC or cyber defense environment.
- Demonstrated experience supporting federal government cybersecurity programs and SOC operations.
- One or more of the following certifications:
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Operations Certified (GSOC)
- GIAC Certified Enterprise Defender (GCED)
- Certified SOC Analyst (CSA)
- CompTIA Cybersecurity Analyst (CySA+)
- Certified Information Systems Security Professional (CISSP)
Desired:
- Master's degree in Cybersecurity, Information Assurance, or a related field.
- 8+ years of cybersecurity operations experience within a federal government or defense contracting environment, with a demonstrated focus on advanced threat analysis, threat hunting, and incident response.
Required Skills and Competencies:
- Exceptional communication skills in English - both written and oral - with the ability to clearly convey complex technical security findings, incident details, and analytical recommendations to both technical and non-technical audiences, including senior SBA leadership and government stakeholders.
- Advanced proficiency in security event monitoring, alert triage, threat detection, and incident response operations within a SOC environment, with demonstrated experience handling complex, high-priority security incidents from detection through resolution.
- Extensive hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar), including the ability to develop and tune detection rules, build advanced queries and dashboards, and conduct in-depth log analysis and event correlation to support complex incident investigations.
- Strong knowledge of network security concepts and protocols, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and demonstrated ability to analyze network traffic captures and flow data using tools such as Wireshark or Zeek to identify malicious activity during incident investigations.
- Advanced proficiency with endpoint detection and response (EDR) tools and the ability to conduct thorough host-based investigations, including the analysis of endpoint telemetry, process trees, registry artifacts, and memory data to identify and characterize threats on SBA endpoints.
- Demonstrated expertise in applying the MITRE ATT&CK framework to threat detection, threat hunting, and incident response activities, including the ability to map observed adversary behaviors to ATT&CK tactics and techniques to inform analytical findings and detection improvements.
- Advanced experience conducting log analysis across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, application logs, and network flow data, to reconstruct attack timelines and support thorough incident investigations.
- Experience leveraging threat intelligence platforms and operationalizing threat intelligence from multiple government and commercial sources to drive threat hunting priorities, enhance detection capabilities, and inform incident response activities.
- Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and CISA guidance and directives, and their application to senior-level cyber defense operations within a federal civilian agency environment.
- Demonstrated experience developing high-quality incident reports, after-action reviews, SOC SOPs, and incident response playbooks that accurately capture incident details, analytical findings, and actionable remediation recommendations.
- Ability to serve as a technical mentor and resource for mid-level and junior SOC analysts, providing guidance, knowledge transfer, and professional development support to elevate team capabilities.
- Strong analytical and problem-solving skills with the ability to manage multiple complex investigations simultaneously, prioritize effectively under pressure, and drive incidents through to resolution in a timely and thorough manner.
- Ability to obtain and maintain a Public Trust Clearance.
Desired Skills and Competencies:
- Prior experience supporting SBA or other federal civilian agency SOC operations or cyber defense programs, with demonstrated knowledge of SBA's IT environment, threat landscape, and cybersecurity program requirements.
- Experience with cloud security monitoring and incident investigation in AWS, Azure, or GCP environments, including familiarity with cloud-native logging, monitoring, and security services such as AWS GuardDuty, Microsoft Defender for Cloud, or Google Security Command Center.
- Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and experience using scripting languages such as Python or PowerShell to develop automated detection, investigation, and response workflows that improve SOC efficiency and analytical capability.
- Experience with digital forensics concepts and techniques, including basic disk forensics, memory forensics, and network forensics, to support advanced incident response investigations and evidence collection activities.
- Knowledge of Zero Trust Architecture (ZTA) principles and their implications for advanced threat detection, cyber defense monitoring, and incident response within a federal IT environment.
- Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data requirements, and their application in supporting senior-level SOC operations and cyber defense activities within federal civilian agencies.
- GIAC Certified Forensic Analyst (GCFA) or GIAC Network Forensic Analyst (GNFA) certification.
- Experience supporting or participating in purple team exercises, collaborating with offensive security and SOC teams to validate and improve detection and response capabilities against real-world attack scenarios.
- Familiarity with cyber deception technologies, including honeypots and deception platforms, and their application in enhancing threat detection and adversary identification capabilities within SBA's environment.
- Experience working within FedRAMP authorized cloud environments and familiarity with FedRAMP security requirements as they relate to senior-level SOC monitoring, incident response, and cyber defense activities.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473