5,410 Defense Analyst jobs in the United States

Cyber Defense Analyst

96814 Makakilo, Hawaii ClearanceJobs

Posted 3 days ago


Job Description

Cyber Defense Analyst

SOSi is seeking an experienced Cyber Defense Analyst to join our team in Honolulu, Hawaii at Joint Base Pearl Harbor-Hickam. The government customer team based in Honolulu provides multi-enclave Coalition connectivity to INDOPACOM warfighters by utilizing leading-edge Desktop as a Service (DaaS) Private Cloud technologies. From the proof of concept eight years ago, the team has grown in capabilities and processes, but now we need an experienced engineer to continue bolstering our cyber defense posture and manage the complexities of information assurance for our unique enterprise.

Essential Job Duties: The Cyber Defense Analyst will use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purpose of mitigating threats. The analyst works with customers, partners, stakeholders, and team members to develop and implement security procedures; troubleshoots problems; helps establish and implement policies and their conformance; coordinates the activities of LAN support personnel; and provides guidance on common networking issues. The role also assesses vendor products, manages network performance, troubleshoots problems, and maintains network security.

Essential Job Duties:

  • Monitor and maintain defense systems including endpoint security, perimeter firewalls, intrusion detection, and vulnerability detection systems.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
  • Assess and monitor cybersecurity related to system implementation and testing practices.
  • Collaborate with other IT teams to provide guidance and recommendations on security best practices.
  • Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Maintain network security and ensure compliance with security policies and procedures.
  • Maintain up-to-date knowledge of emerging threats and trends in the cybersecurity landscape.
  • Participate in and may lead aspects of security tools installations and upgrades.
  • Interface with vendors to ensure appropriate resolution during network outages or periods of reduced performance.
  • Maintain current knowledge of relevant hardware and software applications as assigned.
  • Participate in special projects as required.
  • Serve on multiple functional teams in support of the enterprise, to include the IA Policy & Audit, Incident Management and Response, Cyber Monitoring, Firewall Management, and Scanning Teams.

Minimum Requirements:

  • An active in-scope SECRET security clearance
  • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
  • Minimum of eight (8) years of directly related experience in network security and analysis.
  • DoD 8570 IAM Level I compliant (CAP, CND, Cloud+, GSLC, or Security+ CE) within 180 days of hire.
  • Knowledge of the principles, methods, and techniques used in network security.
  • Knowledge of scanning, endpoint security, and firewall technologies.
  • Comprehensive knowledge of desktop operating systems and applications.

Preferred Qualifications:

  • An active in-scope Top Secret clearance with the ability to obtain/maintain a TS/SCI clearance.
  • DoD 8570 IAM Level I compliant (CAP, CND, Cloud+, GSLC, or Security+ CE)

Work Environment:

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends.

Working at SOSi: All interested individuals will receive consideration and will not be discriminated against for any reason.


Cyber Defense Analyst

84043 Lehi, Utah Uvcyber

Posted 4 days ago


Job Description

Make a difference here.

UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.

By creating continuously optimized identification, detection, and resilience against today's dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to Fortune 500, Federal Government, and commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.

The Cyber Defense Analyst will join an UltraViolet Cyber services team at one of our premier customers. This position involves analyzing, investigating, containing, and responding to cybersecurity alerts. Your analytical insight, instincts, and attention to detail will be vital in minimizing damage, protecting sensitive data, and ensuring business continuity. Ready for a challenge?

  • On-Site Requirement: 50%
  • Work Schedule: Four 10-hour shifts, with one shift covering either Sunday to Wednesday or Wednesday to Saturday
  • Work Hours: 8AM MTN to 6PM MTN

What You'll Do:
  • Investigate and Analyze: Conduct investigations to identify indicators of compromise.
  • Coordinate with CSIRT team members on containment and response activities.
  • Case Management: Maintain meticulous case management, ensuring all investigative actions are properly documented to support dispositions.
  • Security Operations: Participate in rotational opportunities across the CSIRT, including incident response, cyber threat hunting, and detection engineering.
  • Continuous Improvement: Participate in case reviews and identify opportunities for continuous improvement in investigations and documentation.
  • Stay Informed: Actively pursue knowledge of emerging threats and attack vectors while maintaining expertise in the dynamic cyber landscape.
  • Global Team Collaboration: Engage as an active member of a global 24x7 cyber defensive operations team, which will require some weekend coverage.
  • Process Documentation: Assist in creating, updating, and maintaining investigative process documentation to ensure consistency and efficiency.
What You've Done:
  • Experience: Experience in conducting cybersecurity investigations or related activities.
  • Analytical Skills: Demonstrated analytical and problem-solving skills with the ability to think critically under pressure.
  • Technical Skills: Familiarity with Security Information and Event Management (SIEM) systems and a broad set of security tools and investigation-supporting datasets.
  • Security Fundamentals: Understanding of security and privacy fundamentals.
  • Organizational Skills: Strong organizational skills to manage multiple tasks in a fast-paced environment.
  • Collaboration: A collaborative outlook that seeks to build and cultivate relationships.
  • Communication Skills: Strong written and verbal communication skills.
  • Must be a US Person (United States citizen or permanent resident alien as defined by the US Government)
Why Join Us:
  • Impact: Play a crucial role in protecting our organization's data and ensuring business continuity.
  • Growth: Enhance your skills and knowledge through continuous learning opportunities and on-the-job experience.
  • Team: Work alongside a passionate and skilled team of cybersecurity professionals.
  • Innovation: Be at the forefront of developing and implementing cutting-edge cybersecurity strategies.
  • Culture: Thrive in a collaborative environment that values each team member's contributions and encourages professional growth and development.
What We Offer:
  • 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
  • Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
  • Group Term Life, Short-Term Disability, Long-Term Disability
  • Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
  • Participation in the Discretionary Time Off (DTO) Program
  • 11 Paid Holidays Annually
$75,000 - $90,000 a year

UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as to reflect our company's differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.

We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.

UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.

If you want to make an impact, UltraViolet Cyber is the place for you!


Cyber Defense Analyst

20771 Greenbelt, Maryland Merit 321

Posted 5 days ago


Job Description

Cyber Defense Analyst
  • Washington, DC, USA
  • Full Time
  • Full Benefit Package

Our client is seeking a mid-level Cyber Defense Analyst to support a full range of cyber security services on a contract in Washington DC. The position is full-time/permanent and will support a U.S. Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. This is a daytime hybrid role in which the candidate will be required to be at the client site three days per week.
Security Clearance Requirement: Active Secret clearance
Responsibilities Include but not limited to:
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Coordinate incident response functions.
Qualifications/Requirements:
  • Bachelor's Degree
  • 5+ years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
  • Must have, or be able to obtain within 3 months, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).
  • Strong written and verbal communication skills
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
  • Knowledge of system administration, network, and operating system hardening techniques.

Cyber Defense Analyst

99302 Pasco, Washington LTS

Posted 14 days ago


Job Description

LTS is seeking an experienced Cyber Defense Analyst to support and coordinate enterprise-wide cyber defense operations. This role involves monitoring alerts, analyzing threat data, correlating logs, identifying vulnerabilities, coordinating with intelligence teams, and recommending remediation actions. The ideal candidate will possess strong technical analysis skills, real-time operational awareness, and the ability to connect threat activity with enterprise impact. This role is essential to ensuring a proactive and coordinated response to evolving cyber threats. This position is on-site in Washington D.C. The position is contingent on the award.

LTS provides trusted consulting and solutions in an increasingly complex and growing world. Our deep expertise in technology and analytics helps us serve a broad constituency of clients that range from cabinet-level departments of the U.S. Government to the largest Federal IT contractors in the world.

LTS is a leading information technology (IT) provider for mission critical systems leveraging the latest technologies to deliver cutting edge solutions from small mobile applications to large, complex enterprise applications. Our professionals specialize in multiple disciplines including program management, system integration, system design, system development, cybersecurity, infrastructure and data analytics.

Responsibilities:

  • Coordinate and support enterprise cyber defense operations and incident functions
  • Provide technical support to cyber defense teams to analyze and resolve security incidents
  • Correlate incident data to identify systemic vulnerabilities and recommend remediation actions
  • Analyze log data from various sources (e.g., host logs, firewall logs, IDS, network traffic logs)
  • Perform incident triage, including scope, urgency, potential impact, and vulnerability identification
  • Track and document incidents from initial detection through final resolution
  • Perform trend analysis and develop threat activity reports
  • Conduct initial forensic image collection and review for remediation insights
  • Execute real-time cyber defense tasks, including threat correlation, analysis, and mitigation
  • Receive, review, and investigate security alerts and anomalies from enterprise monitoring tools
  • Apply defense-in-depth principles to ensure layered protection and system robustness
  • Collect and analyze intrusion artifacts (e.g., malware, scripts, tools) for mitigation purposes
  • Monitor external threat feeds (e.g., CERTs, vendor alerts, open-source threat intel)
  • Collaborate with cyber intelligence analysts to align defense activities with active threat landscapes
  • Maintain current awareness of cybersecurity conditions that may affect enterprise security posture
Required Skills, Experience & Qualifications:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required.
  • A minimum of 6 years of hands-on experience conducting penetration testing, vulnerability assessments, or red teaming.
  • TS/SCI Clearance.
  • Professional industry certifications highly preferred (CISSP, CompTIA Security+, CySA+, CASP+, GIAC GCIA, GCTI, CND, or Splunk Core Certified User or Analyst).
  • Proficiency in analyzing system logs, network traffic, and IDS/IPS alerts.
  • Experience with SIEM platforms, such as Splunk, QRadar, or Elastic.
  • Understanding of incident lifecycle tracking and forensic data handling.
  • Familiarity with malware analysis, intrusion indicators, and cyber threat actor behavior.
  • Strong documentation and communication skills for operational coordination and reporting.
  • Working knowledge of cyber defense frameworks such as NIST 800-61 and MITRE ATT&CK.
  • Excellent written and verbal communication skills, including the ability to brief technical content to non-technical audiences.

Cyber Defense Analyst

96860 Pearl Harbor, Hawaii SOS International LLC

Posted 2 days ago


Job Description

Overview

SOSi is seeking an experienced Cyber Defense Analyst to join our team in Honolulu, Hawaii at Joint Base Pearl Harbor-Hickam. The government customer team based in Honolulu provides multi-enclave Coalition connectivity to INDOPACOM warfighters by utilizing leading-edge Desktop as a Service (DaaS) Private Cloud technologies. From the proof of concept eight years ago, the team has grown in capabilities and processes, but now we need an experienced engineer to continue bolstering our cyber defense posture and manage the complexities of information assurance for our unique enterprise.

Essential Job Duties: The Cyber Defense Analyst will use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purpose of mitigating threats. The analyst works with customers, partners, stakeholders, and team members to develop and implement security procedures; troubleshoots problems; helps establish and implement policies and their conformance; coordinates the activities of LAN support personnel; and provides guidance on common networking issues. The role also assesses vendor products, manages network performance, troubleshoots problems, and maintains network security.

Essential Job Duties:

  • Monitor and maintain defense systems including endpoint security, perimeter firewalls, intrusion detection, and vulnerability detection systems.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
  • Assess and monitor cybersecurity related to system implementation and testing practices.
  • Collaborate with other IT teams to provide guidance and recommendations on security best practices.
  • Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Maintain network security and ensure compliance with security policies and procedures.
  • Maintain up-to-date knowledge of emerging threats and trends in the cybersecurity landscape.
  • Participate in and may lead aspects of security tools installations and upgrades.
  • Interface with vendors to ensure appropriate resolution during network outages or periods of reduced performance.
  • Maintain current knowledge of relevant hardware and software applications as assigned.
  • Participate in special projects as required.
  • Serve on multiple functional teams in support of the enterprise, to include the IA Policy & Audit, Incident Management and Response, Cyber Monitoring, Firewall Management, and Scanning Teams.

Minimum Requirements:

  • An active in-scope SECRET security clearance
  • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
  • Minimum of eight (8) years of directly related experience in network security and analysis.
  • DoD 8570 IAM Level I compliant (CAP, CND, Cloud+, GSLC, or Security+ CE) within 180 days of hire.
  • Knowledge of the principles, methods, and techniques used in network security.
  • Knowledge of scanning, endpoint security, and firewall technologies.
  • Comprehensive knowledge of desktop operating systems and applications.

Preferred Qualifications:

  • An active in-scope Top Secret clearance with the ability to obtain/maintain a TS/SCI clearance.
  • DoD 8570 IAM Level I compliant (CAP, CND, Cloud+, GSLC, or Security+ CE)

Work Environment:

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends.

Working at SOSi: All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

Cyber Defense Analyst

96860 Pearl Harbor, Hawaii SOS International LLC

Posted 2 days ago


Job Description

Overview

SOSi is seeking an experienced Cyber Defense Analyst to join our team in Honolulu, Hawaii at Joint Base Pearl Harbor-Hickam. The Mission Partner Environment Engineering Services (MPE ES) team in Honolulu provides multi-enclave Coalition connectivity to INDOPACOM warfighters by utilizing leading-edge Desktop as a Service (DaaS) Private Cloud technologies. From the proof of concept eight years ago, the MPE ES has grown in capabilities and processes, but now we need an experienced engineer to continue bolstering our cyber defense posture and manage the complexities of information assurance for our unique enterprise.

Essential Job Duties: The Cyber Defense Analyst will use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purpose of mitigating threats. The analyst works with customers, partners, stakeholders, and team members to develop and implement security procedures; troubleshoots problems; helps establish and implement policies and their conformance; coordinates the activities of LAN support personnel; and provides guidance on common networking issues. The role also assesses vendor products, manages network performance, troubleshoots problems, and maintains network security.

Essential Job Duties:

  • Monitor and maintain defense systems including endpoint security, perimeter firewalls, intrusion detection, and vulnerability detection systems.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
  • Assess and monitor cybersecurity related to system implementation and testing practices.
  • Collaborate with other IT teams to provide guidance and recommendations on security best practices.
  • Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Maintain network security and ensure compliance with security policies and procedures.
  • Maintain up-to-date knowledge of emerging threats and trends in the cybersecurity landscape.
  • Participate in and may lead aspects of security tools installations and upgrades.
  • Interface with vendors to ensure appropriate resolution during network outages or periods of reduced performance.
  • Maintain current knowledge of relevant hardware and software applications as assigned.
  • Participate in special projects as required.
  • Serve on multiple functional teams in support of the MPE enterprise, to include the IA Policy & Audit, Incident Management and Response, Cyber Monitoring, Firewall Management, and Scanning Teams.

Minimum Requirements:

  • An active in-scope SECRET security clearance
  • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
  • Minimum of eight (8) years of directly related experience in network security and analysis.
  • DoD 8140 IAT Level II compliant (Security+ CE, CySA+, GSEC, CCNA Security) within 180 days of hire.
  • Knowledge of the principles, methods, and techniques used in network security.
  • Knowledge of scanning, endpoint security, and firewall technologies.
  • Comprehensive knowledge of desktop operating systems and applications.

Preferred Qualifications:

  • An active in-scope Top Secret clearance with the ability to obtain/maintain a TS/SCI clearance.
  • DoD 8140 IAT Level II compliant (Security+ CE, CySA+, GSEC, CCNA Security)

Work Environment:

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends.

Working at SOSi: All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

Cyber Network Defense Analyst

20170 Herndon, Virginia ManTech

Posted today


Job Description

ManTech seeks a motivated, career and customer-oriented Cyber Network Defense Analyst in Herndon, VA.

As a CND Analyst on our team, you will use your expertise in specialized network defense to provide innovative and creative solutions to challenging cyber security problems. You will utilize the latest cyber tools available and assist with creating new ones while allowing you to advance the nation's information security posture.

Responsibilities include, but are not limited to:

  • Provide malicious code detection, intrusion detection, and information security tool development and integration.
  • Utilize forensic analysis to identify malware, misuse, and/or unauthorized activity.
  • Investigate and report on virus and malware alerts or incidents to determine root cause, entry point of code and damage risk.
  • Analyze all data sources, including Internet, Intelligence Community (IC) reporting, security events, firewall logs, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
  • Track intelligence using open source and classified sources to identify malicious code threats and provide solutions to counteract that threat.
  • Manage and administer the tuning of rules, signatures, and custom content for CND applications and systems; identify potential conflicts with the implementation of any CND tools within the enterprise and develop recommendations to remediate these conflicts.
  • Provide logical use case development.
  • Provide and track requirements to engineering partners.
  • Identify gaps in visibility or coverage of cyber defense systems.
  • Prepare data analytics and reporting.

Minimum Qualifications:

  • High School Diploma and 11+ years of experience in a cyber security or network security role, or Bachelor’s degree in a technical field with 7+ years of experience
  • Experience writing scripts in languages such as Python, JavaScript, YARA or Snort
  • Experience using SIEM tools for case development and application
  • Experience with network security applications, protocols, and associated hardware
  • Experience with one or more of the following classes of enterprise cyber defense technologies: Sysmon; network- and host-based IDS and IPS; network- and host-based malware detection and prevention, including Endpoint Detection & Response (EDR) and Network Detection & Response (NDR) tools; web/email gateway security technologies; Security Orchestration, Automation and Response (SOAR); or cloud-based platforms such as Azure, AWS, or Google

Preferred Qualifications:

  • Experience working with MITRE ATT&CK
  • Experience with Splunk or Splunk Enterprise Security
  • Experience with forensics tools and applications

Clearance Requirements:

  • Must have an active/current TS/SCI with polygraph

Physical Requirements:

  • Must be able to remain in a stationary position 50%
View Now
Be The First To Know

About the latest Defense analyst Jobs in United States !

Cyber Network Defense Analyst

20170 Herndon, Virginia ManTech

Posted today

Job Viewed

Tap Again To Close

Job Description

ManTech seeks a motivated, career and customer-oriented Cyber Network Defense Analyst in Herndon, VA .
 

As a CND Analyst on our team, you will use your expertise in specialized network defense to provide innovative and creative solutions to challenging cyber security problems. You will utilize the latest cyber tools available and assist with creating new ones while allowing you to advance the nation's information security posture.
 

Responsibilities include, but are not limited to:

  • Provide malicious code detection, intrusion detection, and information security tool development and integration.
  • Utilize forensic analysis to identify malware, misuse, and/or unauthorized activity.
  • Investigate and report on virus and malware alerts or incidents to determine root cause, entry point of code and damage risk.
  • Analyze all data sources, including Internet, Intelligence Community (IC) reporting, security events, firewall logs, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
  • Track intelligence using open source and classified sources to identify malicious code threats and provide solutions to counteract that threat.
  • Manage and administer the tuning of rules, signatures, and custom content for CND applications and systems and identify potential conflicts with implementation of any CND tools within the enterprise and develop recommendations to remediate these conflicts
  • Provide logical use case development.
  • Provide and track requirements to engineering partners.
  • Identify gaps in visibility or coverage of cyber defense systems.
  • Prepare data analytics and reporting.
     

Minimum Qualifications:

  • High School Diploma and 11+ years of experience in a cyber security or network security role, or Bachelor’s degree in a technical field with 7+ years of experience
  • Experience writing scripts in programming languages such as Python, JavaScript, YARA, or Snort
  • Experience using SIEM tools for case development and application
  • Experience with network security applications, protocols, and associated hardware
  • Experience with one or more of the following classes of enterprise cyber defense technologies: SysMon, Network and Host based IDS and IPS, Network and host-based malware detection and prevention, Endpoint Detection & Response (EDR) and Network Detection & Response (NDR), Network and Host malware detection and prevention (EDR/NDR) tools, Web/Email gateway security technologies, Security Orchestration, Automation and Response (SOAR) or Cloud Based platforms such as Azure, AWS, or Google

Preferred Qualifications:

  • Experience working with MITRE ATT&CK
  • Experience with Splunk or Splunk Enterprise Security
  • Experience with forensics tools and applications

Clearance Requirements:

  • Must have an active/current TS/SCI with polygraph

Physical Requirements:

  • Must be able to remain in a stationary position 50% of the time

Cyber Defense Analyst - Senior

20022 Washington, District Of Columbia Z FEDERAL

Posted 2 days ago

Job Description

Z FEDERAL is seeking a Cyber Defense Analyst - Senior to work in our Washington, DC office to support a full range of cyber security services. The position is full time and will support a US Government civilian agency. This position requires an Active Top Secret Clearance and 6+ years of relevant work experience.

Job Requirements:

  • Strong written and verbal communication skills with excellent attention to detail.
  • Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).
  • Ability to conduct independent analysis with minimal assistance on events generated by SIEM and individual security tools.
  • Ability to create custom detection rules to query log data for indicators of compromise.
  • Experience conducting security event analysis from beginning to end and determining root cause.
  • Experience creating and reviewing standard operating procedures with minimal supervision and oversight.
  • Ability to mentor junior personnel and provide guidance on analysis that may exceed the capabilities of junior analysts.
  • Knowledge of host/network access control mechanisms (e.g., access control lists, capabilities lists).
  • Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • Knowledge of incident response and handling methodologies.
  • Knowledge of incident categories, incident responses, and timelines for responses.
  • Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
  • Experience with system administration, network, and operating system hardening techniques.
  • Knowledge of cyber defense and information security policies, procedures, and regulations.
  • Knowledge of the common attack vectors on the network layer.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • In-depth understanding of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of various types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
  • Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).

Responsibilities:

  • Develop content for cyber defense tools.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
  • Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Perform cyber defense trend analysis and reporting.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Perform security reviews and identify security gaps in the security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
  • Identify and analyze anomalies in network traffic using metadata.
  • Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
  • Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.

Salary Range: $107,000 - $124,000

Required Skills:

  • Bachelor's degree or higher.
  • 6+ years' experience in network/data analysis, packet capture analysis, malware detection, custom intrusion signature development, and advanced information assurance.
  • Certifications addressing incident handling (identification, overview, and preparation), buffer overflows, client attacks, covering tracks (networks, systems), denial of service attacks, incident handling (containment, eradication, recovery, and lessons learned), network attacks, password attacks, reconnaissance, scanning (discovery and mapping, techniques and defense), session hijacking and cache poisoning, techniques for maintaining access, web application attacks, worms, bots, and botnets.
  • Active TS/SCI clearance.

Desired Skills:

  • Experience in detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort).
  • Ability to analyze malware, conduct vulnerability scans, and recognize vulnerabilities in security systems.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Experience evaluating the adequacy of security designs.
  • Skill in using incident handling methodologies.
  • Ability to apply techniques for detecting host- and network-based intrusions using intrusion detection technologies.
  • Experience using protocol analyzers and collecting data from a variety of cyber defense resources.
  • Experience reading and interpreting signatures (e.g., Snort).
  • Experience assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Ability to accurately and completely source all data used in intelligence, assessment, and/or planning products.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).

Z FEDERAL offers:

  • Self-directed 401K and annual company match
  • Up to four weeks of paid time off (PTO)
  • 11 paid federal holidays
  • Other forms of leave such as bereavement, jury duty, and military leave
  • Full health benefits: medical and vision; dental (employee-paid)
  • Life insurance
  • Short- and long-term disability, AD&D insurance
  • Flexible Spending Account (medical and dependent care)
  • Performance-based bonuses
  • Tuition reimbursement
  • Incentive and referral bonuses
  • Commuter benefits
  • Professional development and training
  • Years of Service Reward and Recognition Program

Z FEDERAL's commitment to employee growth and development is proven and valued by our staff. We want our employees to excel, grow professionally, and take on increasingly responsible roles.

Computer Network Defense Analyst

21403 Annapolis, Maryland inovex

Posted 2 days ago

Job Description

RealmOne is FOCUSED on you! RealmOne was built on the principle that people matter first and foremost. We believe in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals. Join us on this journey as we execute this new mission-critical contract providing Cybersecurity Expertise and Risk Management! Your effort and expertise are crucial to the success of this impactful mission, which supports Exploitation Analyst, Digital Network Exploitation Analyst, Target Digital Network Analyst, and Cyber Network Defense Analyst roles in improving, protecting, and defending our Nation's security.

Job Description:

We are looking for a Computer Network Defense Analyst (CNDA) with experience in computer or information systems design, programming, cybersecurity, vulnerability analysis, penetration testing, computer forensics, information assurance, and systems engineering. You will utilize information from various sources, such as intrusion detection systems, firewalls, network traffic logs, and host system logs, to identify potential vulnerabilities, respond to cyber events, and defend against possible threats. Additionally, you will help develop mitigations to strengthen network defenses and protect against attacks on network infrastructure devices or systems. Your work may encompass various data transport methods, including traditional wired networks, wireless transport (Wi-Fi and cellular), and collaborative platforms like video teleconferencing, along with the supporting hardware and software. Experience in network or system administration is also required.

The Computer Network Defense Analyst shall possess the following capabilities:

  • Utilize information from various sources, such as intrusion detection systems, firewalls, network traffic logs, and host system logs, to identify potential vulnerabilities, respond to cyber events, and defend against possible threats.
  • Develop mitigations to strengthen network defenses and protect against attacks on network infrastructure devices or systems.
  • Support a wide range of data transport methods, including traditional wired networks, wireless transport (such as Wi-Fi and cellular), collaborative platforms like video teleconferencing, and the associated hardware and software.

Qualifications:

  • Level 1: Associate's Degree with 4 years of experience, or Bachelor's Degree with 2 years of experience
  • Level 2: Associate's Degree with 7 years of experience, Bachelor's Degree with 5 years of experience, Master's Degree with 3 years of experience, or PhD with 2 years of experience
  • Level 3: Associate's Degree with 10 years of experience, Bachelor's Degree with 8 years of experience, Master's Degree with 6 years of experience, or PhD with 4 years of experience
  • Level 4: Associate's Degree with 13 years of experience, Bachelor's Degree with 11 years of experience, Master's Degree with 9 years of experience, or PhD with 7 years of experience
  • All Levels: 18 semester hours of military training/coursework in networking, computer science, or cyber topics is equivalent to an Associate's degree.
  • Degree must be in Network Engineering, Systems Engineering, Information Technology, or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Computer Science, Computer Forensics, Cyber Security, Software Engineering, Information Assurance, or Computer Security).
  • Position requires an active Security Clearance with appropriate Polygraph.
