Job Description
Job Summary
We are seeking a highly skilled and motivated Technical Cybersecurity Analyst to join our Cybersecurity team. The ideal candidate will bring hands-on experience across multiple cybersecurity domains including Vulnerability Management, Incident Response, and Penetration Testing. This role requires a proactive and analytical thinker with a strong technical foundation to detect, respond to, and prevent cyber threats.
Key Responsibilities
Vulnerability Management:
Conduct regular vulnerability scans using Nessus.
Analyze and prioritize vulnerabilities based on criticality and exposure.
Work with infrastructure and development teams to track remediation and verify fixes.
Incident Response:
Assist in handling security incidents through identification, containment, eradication, recovery, and lessons learned.
Perform root cause analysis using available tools.
Maintain and refine incident response runbooks and playbooks.
Penetration Testing:
Perform penetration tests on internal and external assets including networks and applications.
Identify misconfigurations, exploit vulnerabilities, and demonstrate potential impacts.
Document findings and assist teams in implementing remediation measures.
Desired Certifications (any of the ones below)
SANS / GIAC Certifications:
GCIH – GIAC Certified Incident Handler
GCIA – GIAC Certified Intrusion Analyst
GPEN – GIAC Penetration Tester
Other Recognized Certifications:
OSCP – Offensive Security Certified Professional
CEH – Certified Ethical Hacker
Technical Stack & Tools
Monitoring & Detection:
- Zeek, PAN – Network protocol analysis and traffic monitoring
- Splunk – SIEM for real-time alerting and correlation
- CrowdStrike Falcon – Endpoint detection and threat hunting
- Carbon Black – Endpoint and behavior-based analytics
Vulnerability Management:
- Nessus – Vulnerability scanning and risk assessment
Penetration Testing & Red Teaming:
- Burp Suite – Web application vulnerability scanning and testing
- Metasploit – Exploitation framework
- Nmap – Network scanning and host discovery
- Cobalt Strike – Red teaming and adversary simulation
- Kali Linux – Security auditing and pen-testing tools
- BloodHound – Active Directory attack path analysis
Scripting & Automation:
- Python – Custom scripts, automation, and data parsing
- PowerShell – Windows incident response and automation
- Bash – Linux scripting and automation
Full-time