
Cyber Defense Analyst III

Black Eagle Defense
Boston, MI Full Time
POSTED ON 12/25/2025
AVAILABLE BEFORE 1/24/2026

Job Description


SALARY RANGE
$181,000 - $238,000/year.


DUTIES
As a successful candidate for the Cyber Defense Analyst III role, you will collect and integrate information from multiple sources to monitor network activity and detect anomalous behavior; identify, triage, and report events to protect data, information systems, and infrastructure; analyze security‑relevant data to surface trends, patterns, and anomaly correlations; recommend proactive security measures; isolate indicators of compromise through focused analysis; and notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected incidents, clearly articulating event history, current status, and potential impact for further action in accordance with the organization’s cyber incident response plan.



Required Skills


SKILLS

  • Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity
  • Generate cybersecurity cases (including event history, status, and potential impact for further action) and route as appropriate
  • Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses
  • Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non‑repudiation)
  • Perform advanced manual analysis to hunt previously unidentified threats
  • Conduct PCAP analysis
  • Identify cyber‑attack phases based on knowledge of common attack vectors and network layers, models, and protocols
  • Apply techniques for detecting host‑ and network‑based intrusions
  • Maintain working knowledge of enterprise‑level network intrusion detection/prevention systems and firewall capabilities
  • Understand the foundations of a hardened Windows network and which native services and protocols are subject to abuse (RDP, Kerberos, NTLM, WMI, SMB)
  • Demonstrate familiarity with the fragmentation of network traffic and how to detect and evaluate fragmentation‑related attacks in raw packet captures
  • Conduct network traffic, protocol, packet‑level, and NetFlow analysis for anomalous values that may be security‑relevant using appropriate tools (Wireshark, TShark, tcpdump)
  • Understand Snort filters and how they are crafted and tuned to feed IDS alerting
  • Understand system and application security threats and vulnerabilities, including buffer overflow, SQL injection, race conditions, covert channel, replay, return‑oriented attacks, malicious code, and malicious scripting
  • Analyze malicious activity to determine weaknesses exploited, exploitation methods, and effects on the system and information
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Be familiar with the indications of Command and Control (C2) channels and strategies attackers use to bypass enterprise defenses from a compromised host
  • Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATT&CK framework
  • Understand how VBS, JScript, and PowerShell can be maliciously used within a network, and what level of monitoring and auditing is required to detect such use
  • Possess deep knowledge of Active Directory abuse used by attackers for lateral movement and persistence
  • Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures
  • Perform after‑action reviews of team products to ensure completion of analysis
  • Lead and mentor team members as a technical expert


QUALIFICATIONS
Candidates must possess a Bachelor’s degree in a related discipline plus six (6) years of professional experience; alternatively, eight (8) years of relevant experience may be substituted for the degree.

In addition, candidates must have all of the following minimum experience:

  • Two (2) years of demonstrated, practical experience in TCP/IP fundamentals
  • Two (2) years of demonstrated experience with network traffic analysis tools such as Bricata, tcpdump, or Wireshark
  • Three (3) years of demonstrated experience using security information and event management (SIEM) suites such as Splunk, ArcSight, Kibana, or LogRhythm
  • Three (3) years of demonstrated experience with network analysis and threat analysis software
  • Three (3) years of demonstrated experience maintaining or managing cloud environments such as Microsoft Azure and Amazon Web Services (AWS), including use of tools like Microsoft Sentinel


CERTIFICATIONS & TECHNICAL PROFICIENCIES
Candidates must meet DoD 8570 CSSP Analyst baseline requirements and hold an Information Assurance Technical (IAT) Level I or Level II certification, a Computing Environment (CE) certification (Microsoft OS or CentOS/Red Hat OS), a GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA) certificate, and must successfully complete the Splunk software training course Fundamentals 1.


IAT options:

  • Level I: A+ CE; CCNA Security; CND; Network+ CE; SSCP
  • Level II: CCNA Security; CySA+; GICSP; GSEC; Security+ CE; CND; SSCP


About Black Eagle Defense


Black Eagle Defense is a Maryland-based small business that provides Information Technology, Cybersecurity, and related Consulting Services to the private and public sectors. Our team is composed of highly trained professionals with a commitment to continued learning, versatility, and adaptability within the ever-evolving technological landscape.

We are proud to be an Equal Employment Opportunity and Affirmative Action employer.



