Cyber Defense Analyst – Lead� Position Title: Cyber Defense Analyst - Lead Program: SBA – Enterprise Cybersecurity Services (ECS)Position SummaryThe Cyber Defense Analyst – Senior serves as a senior-level cybersecurity operations and incident response professional supporting the SBA Enterprise Cybersecurity Services (ECS) program.� The position provides advanced technical expertise in cybersecurity monitoring, incident response, cyber defense analysis, threat hunting, malware analysis, forensic investigation, vulnerability assessment coordination, and operational reporting. The Cyber Defense Analyst – Senior works collaboratively with SOC analysts, engineers, system administrators, ISSOs, cloud teams, and Government stakeholders to protect enterprise systems and respond to cybersecurity threats across hybrid and cloud-based environments.Essential Duties and Responsibilities
Support incident response activities identified under RFQ Task Area 3.5.3.3.
Analyze cybersecurity alerts, network traffic, endpoint activity, system logs, and indicators of compromise (IOC).
Conduct advanced triage, investigation, containment, eradication, and recovery activities for cybersecurity incidents.
Provide technical support for 24x7x365 cybersecurity monitoring and cyber defense operations.
Perform cyber threat hunting activities across enterprise networks, cloud environments, and endpoint platforms.
Support forensic investigations, malware analysis, root cause analysis, and evidence collection activities.
Correlate threat intelligence information with security events and operational indicators.
Monitor and operate cybersecurity tools including SIEM, EDR, IDS/IPS, vulnerability scanners, and security analytics platforms.
Support development and refinement of incident response procedures, playbooks, and standard operating procedures.
Provide operational analysis and recommendations regarding emerging threats, attack trends, and cybersecurity risks.
Coordinate cybersecurity incident response activities with internal teams, federal stakeholders, and external partners.
Support vulnerability management activities including remediation coordination, validation testing, and risk analysis.
Assist with operational reporting, cybersecurity metrics, dashboards, and executive briefings.
Document cybersecurity incidents, investigative findings, response actions, and lessons learned.
Support cloud security monitoring activities within Azure, AWS, Microsoft 365, and hybrid enterprise environments.
Ensure incident response and cyber defense activities align with NIST SP 800-61, NIST SP 800-53, CISA guidance, and FISMA requirements.
Provide mentorship and technical guidance to junior analysts and SOC personnel.
Participate in cybersecurity exercises, operational readiness activities, and continuous improvement initiatives.
Support coordination activities with law enforcement, OIG, privacy, and legal teams as required.
Minimum Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or related technical discipline. Additional relevant experience may substitute for degree requirements.
Minimum of 8 years of cybersecurity operations, cyber defense, SOC analysis, or incident response experience.
Minimum of 5 years supporting federal cybersecurity operations or incident response activities.
Hands-on experience with SIEM, EDR, IDS/IPS, network security monitoring, threat intelligence, and forensic analysis tools.
Experience conducting incident triage, malware analysis, root cause analysis, and cyber threat hunting activities.
Experience supporting cloud security operations across AWS, Azure, Microsoft 365, or hybrid enterprise environments.
Strong knowledge of federal cybersecurity standards and frameworks including FISMA, NIST RMF, NIST SP 800-53 Rev. 5, and NIST SP 800-61.
Experience analyzing security events, attack vectors, indicators of compromise, and adversarial tactics and techniques.
Strong analytical, communication, documentation, and problem-solving skills.
Ability to work effectively in high-tempo operational environments supporting 24x7 cybersecurity operations.
Preferred Certifications
Certified Information Systems Security Professional (CISSP)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Intrusion Analyst (GCIA)
CompTIA CySA+
Certified Ethical Hacker (CEH)
CompTIA Security+
Splunk Certified Power User or SIEM-related certification