Cyber Threat Specialist

Cyber Threat Specialist in GAC Savannah

Unique Skills:

Unique Skills for [[extTitle]]

Monitor, analyze, and triage security alerts across SIEM, IDS/IPS, EDR, firewalls, VPN, and email security tools.
Detect, validate, prioritize, and escalate security incidents based on risk and impact.
Conduct digital forensic evidence collection and analysis using EnCase, FTK, Magnet AXIOM, Cellebrite, Volatility, KAPE, Velociraptor, Wireshark, etc.

Support incident response activities including containment, eradication, and recovery.
Analyze network traffic, endpoint telemetry, and operating systems to identify malicious or anomalous activity.
Perform proactive threat hunting using manual and automated investigative techniques.
Validate IDS alerts and tune detections to reduce false positives and improve fidelity.
Produce clear incident reports documenting findings, root cause, and remediation actions.
Improve SOC processes, workflows, and incident documentation.
Apply knowledge of attacker tactics, penetration testing, and ethical hacking to defensive operations.
Support 24x7 SOC operations, including on‑call and shift work (1st, 2nd, 3rd)
Demonstrate strong analytical skills, teamwork, and adaptability in high‑pressure environments.

Education and Experience Requirements Bachelor's Degree or equivalent combination of education and experience to successfully perform the essential functions of the job. Degree in information security, Computer Sciences or Technology related field preferred. 7 years of related experience.

Position Purpose:

The Cyber Threat Specialist provides management with a clear picture of threats associated with Business Technology assets in a way that enables them to make well-informed decisions regarding threat management. This is achieved through the effective communication of information collected through various tools, analysis of event and incident reports utilizing both automated and manual methods. The Cyber Threat Spec must also be capable of supervising and guiding the forensics team to include conducting computer forensic investigations, data recovery, electronic discovery and leading an incident response team.Job Description

Principle Duties and Responsibilities:

Essential Functions:

1. Conducting forensic collections of electronic evidence including information system and network devices for legal, human resources, ethics, and information security.

Applying forensic software/hardware applications to analyze digital media, images; determining solutions for recovery of potentially relevant information.

Examining and analyzing network traffic, related applications and operating systems to identify potential threats, anomalous or malicious activities to network resources; validating Intrusion Detection System (IDS) alerts.

Analyze security data to effectively detect intrusions & attempted intrusions and to initiate and engage the proper resources to mitigate the risk.

Providing reports and documents regarding network security incidents details and outcome; leads efforts in troubleshooting problems and recommending vulnerability corrections.

Monitoring and improving documentation and reporting processes for cyber incident status and results.

Driving the design and implementation of the organizational information security solutions, and continuously enhancing information security approaches and methodologies.

Lead incident response team in addressing and managing the aftermath of a security breach or attack. Must be trained and have experience in incident response procedures and practices .

Defining process issues and resolutions; facilitating and overseeing computer forensics processes.

Conducting security assessments, penetration testing, and ethical hacking.

Identifying, analyzing, and reporting threats or hidden events within the enterprise network by using defensive measures and information collected from a variety of sources to protect data, information systems, and networks.

Provides technical and administrative support and performs a range of investigations of information security systems.

Perform analysis and investigations using data from firewalls, IPS, VPN, web filtering, SIEM, IDS, email filtering and forensic tools.

Additional Functions:

1. Able to be on call for incidents and problems; also able to work different shifts. .

Able to travel as needed. .

Proficient in the use of incident response and forensics tools such as FTK, Encase, and Cellebrite. .

Perform other duties as assigned.

Other Requirements:

1. Must have an understanding of cyber forensics, networking, and information security technologies and be able to demonstrate outside-the-box thinking and continuous learning.

Experience with the following operating systems: Windows, OSX, IOS, Linux or UNIX.

Security Certification such as CISSP, CEH, ACE, EnCE, CCE, Security+ etc. required.

A credit history check from a national credit bureau will be conducted for all candidates for this position including new hires and current employees seeking promotion or transfer. This job requires one to be able to read, write, speak, and understand the English language.

Additional Information

Requisition Number: 232121

Category: Information Systems

Percentage of Travel: Up to 25%

Shift: First

Employment Type: Full-time

Posting End Date: 04/21/2026

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Gulfstream does not provide work visa sponsorship for this position, unless the applicant is a currently sponsored Gulfstream employee.

Legal Information | Site Utilities | Contacts | Sitemap
Copyright © 2025 Gulfstream Aerospace Corporation. All Rights Reserved. A General Dynamics Company.

Gulfstream Aerospace Corporation, a wholly-owned subsidiary of General Dynamics (NYSE: GD), designs, develops, manufactures, markets, services and supports the world's most technologically-advanced business jet aircraft