Cyber Defense Analyst
Ridgeline International, LLC · Tysons Corner, VA · 1 mo ago
HybridInformation TechnologyFull-time
About the role
Veilant is seeking a Cyber Defense Analyst to join our Information Security team. This role involves monitoring network and endpoint activity, investigating security alerts, tuning detections, and conducting threat hunting.
Responsibilities
- Monitor endpoint and network activity using Microsoft Defender for Endpoint, Elastic, Splunk, and related security tools.
- Triage and investigate alerts, distinguishing between benign activity and suspicious or malicious behavior.
- Develop, tune, and maintain detections using KQL, ES|QL, SQL, SPL, or similar query languages.
- Translate threat intelligence, IOCs, TTPs, and emerging threat reporting into actionable detections, dashboards, queries, and hunts.
- Conduct targeted threat hunts using frameworks such as MITRE ATT&CK.
- Document incidents, including timelines, indicators, scope, findings, remediation steps, and lessons learned.
- Build dashboards and visualizations that improve visibility into enterprise activity and anomalies.
- Contribute to playbooks that improve the team’s speed, consistency, and effectiveness during investigations.
- Collaborate with security, IT, and Engineering teams to support investigations and response activities.
Requirements
- Four-year degree in Computer Science, Cybersecurity, Computer Engineering, or a related field, or equivalent hands-on experience in cybersecurity, networking, systems administration, systems engineering, military cyber operations, information warfare, communications, intelligence, or secure enterprise operations.
- At least two years of experience in cybersecurity, networking, systems administration, systems engineering, cyber operations, or a related technical role.
- Working knowledge of Windows Workstation and Windows Server operating systems.
- Knowledge of network protocols, traffic patterns, and common attack behaviors.
- Experience with one or more of the following:
- EDR platforms
- SIEM platforms
- Vulnerability management tools
- Threat intelligence sources
- Log analysis, alert triage, or incident investigation workflows
Qualifications
- Ability to investigate alerts, correlate evidence across data sources, and escalate findings clearly.
- Ability to write, modify, or tune detections using KQL, ES|QL, SQL, SPL, or similar query languages.
- Familiarity with using AI tools to support investigations, analysis, documentation, or workflow efficiency.
- Strong problem-solving, communication, and documentation skills.
- Eligible to obtain a U.S. Government Security Clearance.