Security Engineer III, Exploitation Analyst / Incident Responder (TS Clearance)
Deloitte · Arlington, Virginia, United States · Yesterday
Hybrid$103k–$189k/yrFull-time
Job Summary
Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. As a Cyber Exploitation Analyst, you will support cyber defense efforts by analyzing threat activity, investigating incidents, assessing vulnerabilities, and helping strengthen security posture across enterprise environments.
What You Will Do
- Monitor networks, systems, and applications for indicators of compromise and analyze threat data to identify malicious activity.
- Investigate security incidents, collect and analyze logs, memory artifacts, network traffic, and support containment, eradication, and recovery activities.
- Identify and assess vulnerabilities in systems, networks, and applications and recommend remediation actions based on risk and exploitability.
- Analyze malware, exploits, and adversary tools, including reverse engineering malicious code and simulating adversary techniques in controlled environments.
- Prepare technical reports, briefings, and documentation that summarize findings, methodologies, and recommendations for stakeholders.
Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field.
- Active Top-Secret Clearance with SCI eligibility.
- 2+ years of experience within the following:
- Cyber exploitation analysis, threat intelligence, or incident response.
- Experience analyzing advanced persistent threats (APTs), malware, exploitation techniques, and reverse engineering tools such as IDA Pro or Ghidra.
- Experience performing vulnerability assessments, penetration testing, or red team activities.
- Experience with network traffic analysis, log analysis, digital forensics, Windows, Linux, macOS, common network protocols, scripting languages such as Python, PowerShell, or Bash, and security monitoring tools such as security information and event management (SIEM), intrusion detection systems (IDS), intrusion prevention systems (IPS), or endpoint detection and response (EDR).
- Must be willing to work at client onsite or Deloitte office for up to 5 days a week.
- Industry certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), or CompTIA Security+ is required.
Preferred
- Experience supporting incident response in government, defense, intelligence, or large enterprise environments.
- Experience analyzing packet captures, memory dumps, and host-based forensic artifacts.
- Experience mapping threat activity to the MITRE ATT&CK framework.
- Experience developing or tuning detections for SIEM or EDR platforms.