Computer Network Defense Analyst

AGE Solutions is looking for a Computer Network Defense Analyst (CND Analyst) to provide enterprise-level Cyber Network Defense (CND) support for continuous monitoring, detection, analysis, and response to cybersecurity events and unauthorized activity affecting government information systems and network infrastructure. Supports 24x7x365 cybersecurity operations to maintain confidentiality, integrity, availability, and overall security posture of government networks, systems, applications, and data assets across multiple operational environments.

Responsibilities Include:

• Performs enterprise Cyber Network Defense (CND) activities in support of continuous cybersecurity operations, including the identification, assessment, investigation, and remediation of cyber threats, security events, and unauthorized activity impacting government systems and network infrastructure. Maintains persistent defensive cyber operations to preserve the security, availability, integrity, and resiliency of government enterprise networks, applications, and data resources across diverse operational environments.
• Conduct proactive threat hunting activities to identify emerging cyber threats, suspicious activity, and potential vulnerabilities impacting enterprise systems, networks, and operational environments.
• Initiate and coordinate incident response procedures upon confirmation that a security event or alert meets established cybersecurity incident criteria requiring investigation, containment, and remediation actions.
• Analyze and correlate cybersecurity data from multiple sources, including host and network IDS/IPS platforms, system logs, packet captures, forensic utilities, and threat intelligence resources, to identify, assess, and investigate potential cyber threats and malicious activity.
• Evaluate the impact and scope of suspected or confirmed cybersecurity incidents and execute appropriate containment, eradication, and recovery actions to restore affected systems, services, and data while minimizing operational disruption.
• Document and maintain detailed records of all incident response activities, including detection, containment, eradication, and recovery efforts, in accordance with established government Standard Operating Procedures (SOPs) and Tactics, Techniques, and Procedures (TTPs).
• Adhere to established Tactics, Techniques, and Procedures (TTPs) while developing After Action Reports (AARs) that document identified deficiencies, lessons learned, corrective actions, and recommendations for continuous process and operational improvement.
• Develop, customize, and implement cybersecurity countermeasures, including SIEM correlation rules and IDS/IPS signatures, to enhance threat detection capabilities and strengthen the defensive security posture of government enterprise environments.
• Perform tuning and optimization of cybersecurity detection signatures while documenting all modifications and configuration changes in accordance with established government policies, procedures, and operational guidelines.
• Ensure prompt notification, escalation, and reporting of cybersecurity incidents to the proper, Program Management Offices (PMOs), Information System Security Managers (ISSMs), USCYBERCOM, JFHQ-DODIN, law enforcement entities, and other designated stakeholders in accordance with established reporting requirements and incident response procedures.
• Maintain detailed incident journals and ensure all cybersecurity incident reporting, documentation.
• Perform basic malware analysis and support the forensically sound collection, acquisition, handling, and preservation of volatile, persistent, and environmental incident data in support of cybersecurity investigations and incident response activities.
• Prepare, document, and submit forensic examination and malware analysis reports in accordance with established cybersecurity investigation, reporting, and incident response requirements.
• Participate in proactive threat hunting operations utilizing established tools, methodologies, and Standard Operating Procedures (SOPs) to identify suspicious activity, enhance threat detection capabilities, and develop or implement new detection signatures and indicators.
• Document and maintain detailed records of threat hunting activities, investigative actions, analytical findings, and identified indicators to support cybersecurity operations, reporting, and continuous improvement efforts.
• Provide cybersecurity training and awareness guidance to Information System Security Managers (ISSMs), system administrators, and end users on the identification, reporting, and escalation of suspicious or potentially malicious cyber activity.
• Participate in annual incident response tabletop and cybersecurity readiness exercises while assisting in the development of after-action reviews, lessons learned documentation, and process improvement recommendations.
• Ensure all cybersecurity operational activities, documentation, reporting, and incident response actions are performed in compliance with established government Standard Operating Procedures (SOPs) and required reporting timelines.
• Maintain, update, and manage cybersecurity documentation, including incident reports, after-action reviews, lessons learned, and operational records to support compliance, reporting, and continuous process improvement initiatives.

Required Skills, Qualifications, and Experience:

• Experience:
  
  
  
  • Minimum (5) years of relevant experience or related formal education.
  • Minimum (2) years of experience performing root cause analysis of cybersecurity events and incidents.
  • Minimum (2) years of experience analyzing network traffic and/or system logs.
  
  
  
  
• Skills and Knowledge:
  
  
  
  • Demonstrate strong written and verbal communication skills with the ability to effectively document, present, and brief cybersecurity incidents to technical teams, leadership, and designated stakeholders.
  • Possess working knowledge of at least two cybersecurity disciplines or operational areas of the following:
    
    
    
    • Firewall,
    • Vulnerability Management,
    • Device Hardening,
    • IDS/IPS,
    • Forensics,
    • Host based antivirus,
    • Malware Analysis.
    
    
    
    
  • Ability to apply Defense-in-Depth principles and layered cybersecurity strategies to support enterprise security operations.
  • Ability to develop, modify, and interpret scripts using languages such as Perl, Bash, PowerShell, Ruby, and Python.
  
  
  
  
• Security Clearance:
  
  
  
  • DoD Top Secret Clearance with SCI eligibility and IT-I access.
  
  
  
  
• Certifications:
  
  
  
  • DoD 8570 IAT Level II Certification or higher (one of the following):
    
    
    
    • CompTIA Security+ CE
    • CompTIA Cybersecurity Analyst (CySA+)
    • Systems Security Certified Practitioner (SSCP)
    • GIAC Security Essentials Certification (GSEC)
    • Cisco Certified Network Associate (CCNA)
    • Global Industrial Cyber Security Professional (GICSP).
    
    
    
    
  • Computing Environment Certification - DoD 8570 CSSP (one of the following):
    
    
    
    • Certified Ethical Hacker (CEH)
    • CompTIA Cybersecurity Analyst (CySA+)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Forensic Analyst (GCFA)
    • CyberSec First Responder (CFR)
    • Certified SCADA Security Architect (SCYBER).
    
    
    
    
  
  
  
  

The projected salary range for this position is $85,000+ annually. Final compensation will be determined based on factors including years of relevant experience, active security clearance level, certifications, technical skillset, contract requirements, and overall qualifications.