← Back to Jobs
Employee
Administrative
Cyber Defense Analysts - Senior with Security Clearance
Koniag Government ServicesWashington, DC🇺🇸United StatesPosted 15 Jul 2026
Quick Overview
Work Type
Hybrid
Schedule
Employee
Level
Mid Senior
Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Cyber Defense Analysts - Senior to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Senior Cyber Defense Analyst to support the U.S. Small Business Administration (SBA). The ideal candidate is a skilled cybersecurity professional with a strong background in cyber defense operations, advanced threat analysis, and incident response within a federal government environment. This individual will play a critical role in protecting SBA's systems, networks, and data by performing advanced security monitoring, conducting in-depth threat analysis, and leading incident response activities in alignment with federal cybersecurity policies and SBA security requirements. The Senior Cyber Defense Analyst will serve as a senior-level cybersecurity operations professional responsible for performing advanced monitoring, detection, analysis, and response to cybersecurity threats targeting SBA's enterprise IT environment. This individual will bring deep technical expertise and operational experience to the SOC team, taking ownership of complex security investigations, leading incident response activities, and contributing to the continuous improvement of SBA's cyber defense capabilities. Principal responsibilities will include but are not limited to: * Perform advanced, continuous monitoring of SBA networks, systems, endpoints, and cloud environments using SIEM platforms, IDS/IPS tools, EDR solutions, and other security technologies to detect, identify, and respond to potential threats, anomalies, and indicators of compromise targeting SBA's enterprise IT environment. * Conduct advanced analysis and in-depth triage of security events, alerts, and incidents, determining the validity, scope, severity, and potential impact of identified threats, and escalating confirmed or suspected incidents to the Cybersecurity Operations Technical Lead in accordance with established SBA incident response procedures and SLAs. * Lead and coordinate incident response activities for significant and complex cybersecurity incidents, including containment, eradication, recovery, and post-incident review, in strict accordance with SBA's incident response policies, NIST SP 800-61 guidelines, and applicable federal requirements. * Perform advanced threat hunting activities, proactively searching SBA's enterprise environment for indicators of compromise (IOCs), hidden adversary activity, and sophisticated threats that have evaded automated detection, leveraging the MITRE ATT&CK framework, threat intelligence, and advanced analytical techniques. * Conduct detailed analysis of network traffic, system logs, endpoint telemetry, and other relevant data sources to reconstruct attack timelines, characterize adversary TTPs, identify root causes, and determine the full scope and impact of security incidents affecting SBA systems and data. * Develop and recommend enhancements to SIEM detection rules, correlation logic, behavioral analytics, and alerting thresholds based on threat hunting findings, incident analysis results, and emerging threat intelligence, working with the Technical Lead to implement approved improvements. * Analyze and operationalize threat intelligence from government and commercial sources, including US-CERT, CISA, ISACs, and commercial threat intelligence platforms, applying intelligence to ongoing monitoring, incident investigations, and threat hunting activities to enhance SBA's cyber defense posture. * Prepare detailed, high-quality incident reports, after-action reviews (AARs), and technical documentation for significant security incidents, capturing incident timelines, root cause analysis, evidence, response actions, and actionable recommendations for SBA leadership and stakeholders. * Collaborate with SBA IT teams, system owners, the Cybersecurity Architect, and other stakeholders to communicate security findings, coordinate remediation activities, and provide expert technical guidance on the resolution of identified vulnerabilities and security gaps. * Support and contribute to the development and maintenance of SOC Standard Operating Procedures (SOPs), incident response playbooks, and runbooks, ensuring documentation reflects current threats, operational procedures, and lessons learned from past incidents. * Provide mentorship and technical guidance to mid-level and junior SOC analysts, contributing to their professional development and the continuous improvement of the SOC team's overall analytical capabilities and operational effectiveness. * Support vulnerability management activities by providing advanced analysis of vulnerability scan results, assessing the exploitability and real-world risk of identified vulnerabilities in the context of SBA's threat landscape, and advising on remediation prioritization strategies. * Participate in tabletop exercises, red team/blue team activities, and purple team engagements, contributing senior-level analytical expertise to validate and strengthen SBA's detection and response capabilities against realistic attack scenarios. * Monitor and analyze changes to the federal cybersecurity policy landscape, emerging threat trends, and new vulnerability disclosures, applying new knowledge to continuously improve SBA's cyber defense monitoring and response capabilities. * Ensure all cyber defense activities comply with applicable federal cybersecurity frameworks, policies, and regulations, including NIST, FISMA, and DHS/CISA directives and guidance. Education and Experience: Required: * Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university. * 6+ years of progressive experience in cybersecurity operations, threat analysis, or cyber defense, with at least 2 years performing senior analyst functions within a SOC or cyber defense environment. * Demonstrated experience supporting federal government cybersecurity programs and SOC operations. * One or more of the following certifications: * GIAC Certified Incident Handler (GCIH) * GIAC Security Operations Certified (GSOC) * GIAC Certified Enterprise Defender (GCED) * Certified SOC Analyst (CSA) * CompTIA Cybersecurity Analyst (CySA+) * Certified Information Systems Security Professional (CISSP) Desired: * Master's degree in Cybersecurity, Information Assurance, or a related field. * 8+ years of cybersecurity operations experience within a federal government or defense contracting environment, with a demonstrated focus on advanced threat analysis, threat hunting, and incident response. Required Skills and Competencies: * Exceptional communication skills in English - both written and oral - with the ability to clearly convey complex technical security findings, incident details, and analytical recommendations to both technical and non-technical audiences, including senior SBA leadership and government stakeholders. * Advanced proficiency in security event monitoring, alert triage, threat detection, and incident response operations within a SOC environment, with demonstrated experience handling complex, high-priority security incidents from detection through resolution. * Extensive hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar), including the ability to develop and tune detection rules, build advanced queries and dashboards, and conduct in-depth log analysis and event correlation to support complex incident investigations. * Strong knowledge of network security concepts and protocols, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and demonstrated ability to analyze network traffic captures and flow data using tools such as Wireshark or Zeek to identify malicious activity during incident investigations. * Advanced proficiency with endpoint detection and response (EDR) tools and the ability to conduct thorough host-based investigations, including the analysis of endpoint telemetry, process trees, registry artifacts, and memory data to identify and characterize threats on SBA endpoints. * Demonstrated expertise in applying the MITRE ATT&CK framework to threat detection, threat hunting, and incident response activities, including the ability to map observed adversary behaviors to ATT&CK tactics and techniques to inform analytical findings and detection improvements. * Advanced experience conducting log analysis across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, application logs, and network flow data, to reconstruct attack timelines and support thorough incident investigations. * Experience leveraging threat intelligence platforms and operationalizing threat intelligence from multiple government and commercial sources to drive threat hunting priorities, enhance detection capabilities, and inform incident response activities. * Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and CISA guidance and directives, and their application to senior-level cyber defense operations within a federal civilian agency environment. * Demonstrated experience developing high-quality incident reports, after-action reviews, SOC SOPs, and incident response playbooks that accurately capture incident details, analytical findings, and actionable remediation recommendations. * Ability to serve as a technical mentor and resource for mid-level and junior SOC analysts, providing guidance, knowledge transfer, and professional development support to elevate team capabilities. * Strong
Similar jobs
Journeyman Cyber Security Engineer (Splunk/SIPR) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
22 minutes agoProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
54 minutes ago$148.8k - $201.3k/yrSenior Splunk Cyber Security Engineer
MANTECH · Chantilly, United States
1 hour agoSAP Security Analyst
SAIC · Arlington, United States
1 hour ago$120.0k - $160k/yrSenior Product Security Engineer with Security Clearance
Boeing · Berkeley, United States
1 hour ago$162.3k - $219.7k/yrCyber Security Engineer
TEKsystems c/o Allegis Group · Terre Haute, United States
2 hours ago$100k/yr