Cyber Defense Forensics Lead

Description

Tyto Athene is searching for a Cyber Defense Forensics Lead to support a law enforcement customer in Ashburn, VA. You will play a critical role in leading in-depth analyses and responding to incidents from cyber threats facing our clients. In addition to being our initial point of contact for end users, you will serve as the escalation point for other analysts, helping guide them through more complex and high-priority incidents.

Responsibilities:

Lead cross-functional teams to perform in-depth analysis and investigation of high-priority cybersecurity incidents

Utilize security tools to analyze, investigate, and triage security alerts

Coordinate the monitoring of our customers environments, including cloud and SaaS solutions for evidence of adversarial activity

Utilize advanced tools, such as digital forensics or malware analysis capabilities, to identify incidents' root causes, scope, and impact

Collaborate with cyber threat hunting and cyber threat intelligence teams

Serve as the primary incident point of contact with law enforcement, third-party vendors, and other external parties

Coordinating tasking from Federal leadership

Conduct post-incident analysis and lessons learned to identify improvement opportunities

Develop or tune detection rules or signatures to improve the effectiveness of security monitoring and collaborate with engineering teams to implement them

Accurately document triage findings, and intake reports of external cybersecurity events from SOC customers via phone or email in the SOCs Incident Management System(IMS)

Learn new open and closed-source investigative techniques

Perform research on emerging threats and vulnerabilities to aid their prevention and mitigation

Assist in developing and implementing initiatives that will enhance the SOC's performance (e.g., SOPs, playbooks, capability deployments)

Escalate SOC performance issues or risks to management

Provide guidance and mentorship to Tier 1 and Tier 2 SOC Analysts to enhance their skills and capabilities

Qualifications

Required:

Minimum of seven (7) years professional cybersecurity experience with strong expertise in incident response, insider threat investigations, forensics, and threat analysis.

Minimum of five (5) years hands-on security operations experience, with experience in the last two years including:

Host-based and network-based monitoring

Insider threat detection tools

Host-based forensic tools

SIEM platforms

Intrusion detection and analysis capabilities

Endpoint threat detection tools

Security operations ticketing tools

Proven experience identifying and analyzing anomalous security activities.

Demonstrated ability to create insider-threat dashboards, reports, and workflows.

Strong experience capturing evidence, documenting results, and escalating issues when necessary.

Experience mentoring and training junior team members.

Strong understanding of confidentiality, integrity, and availability (CIA triad) principles and best practices.

Desired:

CISSP - Certified Information Systems Security Professional

GCFA - GIAC Certified Forensic Analyst

GCFE - GIAC Certified Forensic Examiner

GREM - GIAC Reverse Engineering Malware

GNFA - GIAC Network Forensic Analyst

Clearance:

TS/SCI Clearance required

About Tyto Athene

Compensation:

Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains-Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT-empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.

At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Submit a Referral (

Location US-VA-Ashburn

ID 2025-1550

Category Cybersecurity

Position Type Full-Time