Cyber Network Defense Analyst; CNDA IV – Cloud Forensics
Listed on 2026-06-02
IT/Tech
Cybersecurity, Systems Engineer, Data Security, Network Security
Cyber Network Defense Analyst (CNDA) - Cloud Forensics
Location: Remote / Onsite (as required)
Clearance: Active TS/SCI (DHS EOD eligibility required)
Company: Argo Cyber Systems, LLC - A Service-Disabled Veteran-Owned Small Business (SDVOSB)
Argo Cyber Systems delivers advanced cybersecurity and threat-hunting capabilities to safeguard federal and critical infrastructure environments. Our teams provide rapid incident response, digital forensics, proactive hunt operations, and continuous cyber defense across host-based, network-based, and cloud-based systems. We combine mission experience with innovation, empowering our customers to detect, disrupt, and defeat adversaries in real time.
Position Overview
Argo Cyber Systems is seeking Cyber Network Defense Analysts (CNDA) with deep Cloud Forensics expertise to support a high-visibility federal mission. The CNDA will lead advanced investigations into sophisticated intrusions across hybrid and multi-cloud environments, identifying attacker tactics, techniques, and procedures (TTPs), correlating artifacts, and driving containment and remediation actions in partnership with government cyber teams.
Key Responsibilities
- Conduct end-to-end forensic acquisition and analysis across on-premises, cloud, and hybrid environments (Azure AD/Entra, M365, AWS, GCP, SaaS).
- Investigate identity-based and credential-abuse incidents targeting cloud control planes and hybrid identity infrastructure.
- Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs).
- Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
- Produce comprehensive technical and executive-level reports, integrating findings across endpoints, networks, and cloud assets to inform threat containment and strategic recommendations.
- Support continuous improvement of incident response procedures, forensics workflows, and threat-hunting operations.
- Collaborate with Argo and government stakeholders to triage alerts, assess risk, and strengthen enterprise detection and response posture.
- U.S. Citizenship and active TS/SCI clearance (with ability to obtain DHS EOD Suitability).
- Minimum 8 years of hands-on experience conducting digital forensics and incident response (DFIR).
- Proven expertise in cloud forensics, identity security, and hybrid infrastructure defense.
- Proficiency in M365/Azure AD, AWS IAM, and SaaS investigative methodologies.
- Deep understanding of SaaS/PaaS/IaaS architectures, including common attack vectors and defensive measures.
- Skilled in evidence acquisition, volatile data capture, artifact analysis, and technical reporting.
- Scripting and automation proficiency in PowerShell, Python, Bash, or JavaScript.
- Familiarity with Terraform, Kubernetes, Docker, CloudFormation, or Azure Resource Manager for automation and orchestration.
- Understanding of MITRE ATT&CK for Cloud and adversary emulation techniques.
- Strong communication and collaboration skills for working across multidisciplinary teams.
- Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field
- High School Diploma and 10+ years of directly relevant DFIR experience.
- GIAC Cloud Defender (GCLD), GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP
- AWS and Microsoft security/cloud certifications (e.g., Azure Security Engineer, AWS Security Specialty)
At Argo, you'll be part of a mission-driven, veteran-founded cybersecurity team protecting America's most critical systems. We combine hands-on technical excellence with operational precision to outpace the threat. Join us to defend, detect, and innovate at the cyber edge.