Host System Analyst

Overview

Title: Host Based Systems Analyst IV

Description: Our client provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. They are seeking experienced Cyber Network Defense Analysts (CNDA) with Cloud Forensics experience to provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity.

• Must be a US Citizen
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability prior to starting employment
• 8+ years of direct relevant experience in cyber forensic investigations using leading edge technologies and industry standard forensic tools

• Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra /Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration.

• Investigate and respond to incidents and attacks targeting cloud and hybrid identity.

• Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS Cloud Trail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation.

• Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS Guard Duty, GCP Chronicle) and scripting (Power Shell, Python, Bash), integrating threat intelligence feeds and indicators.

• Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings, support development of incident response playbooks and procedures for cloud and hybrid environments.

• Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities.

• Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings.

• Strong understanding of SaaS, PaaS, and IaaS in cloud environments, and hybrid identity security.

• Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings.

• Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions.

• Knowledge of AWS, IAM, and best practices for cloud identity security.

• Strong API and scripting skills (Power Shell, Python, Bash, JavaScript) for automation and threat detection.

• Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats.

• Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, Cloud Formation, Azure Resource Manager, Docker).

GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS or Microsoft Cloud/Security certifications.

BS Computer Science, Cybersecurity, Computer Engineering, or related degree; or HS Diploma and 10+ years of relevant experience