Cyber Network Defense Analyst III
Listed on 2026-05-09
IT/Tech
Cybersecurity, Information Security
Nightwing is a cybersecurity and intelligence services provider focused on securing the nation's infrastructure. The position is part of the DHS Hunt and Incident Response Team (HIRT) as a prime contractor, supporting front‑line incident response and proactive hunting for malicious cyber activity.
Responsibilities
- Correlate forensic findings to network events to develop an intrusion narrative.
- Collect and document system state information (e.g., running processes, network connections) prior to imaging, as required.
- Perform forensic triage of an incident to determine scope, urgency, and potential impact.
- Track and document forensic analysis from initial participation through resolution.
- Coordinate with government staff and customer personnel to validate and investigate alerts or additional preliminary findings.
- Conduct analysis of forensic images and available evidence for forensic write‑ups and reports.
- Assist in documenting and publishing Computer Network Defense (CND) guidance and incident reports.
- Coordinate with enterprise‑wide cyber defense staff to validate network alerts.
- Document and elevate incidents that may cause ongoing or immediate impact to the environment.
- Perform event correlation to gain situational awareness and determine the effectiveness of observed attacks.
- Provide daily summary reports of network/host events and activity relevant to cyber defense practices.
- Analyze network and host alerts from various sources to determine possible causes.
- Provide timely detection, identification, and alerting of potential attacks, intrusions, anomalous activities, and misuse activities, distinguishing them from benign events.
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
- Analyze identified malicious activity to determine exploited weaknesses, methods, and effects on systems and information.
- Identify and analyze anomalies in network traffic using metadata.
- Identify applications and operating systems of network devices based on network traffic.
- Identify network mapping and OS fingerprinting or other baselining activities.
- Assist in constructing signatures for cyber defense network tools to respond to new or observed threats.
- U.S. Citizenship.
- Active TS/SCI clearance.
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) suitability.
- 5+ years of experience in cyber defense analysis using leading‑edge technologies and industry‑standard tools.
- Ability to create forensically sound duplicates of evidence (forensic images).
- Ability to author cyber investigative reports documenting digital forensics findings.
- Proficiency in analysis and characterization of cyber attacks.
- Skilled in identifying different classes of attacks and attack stages.
- Understanding of system and application security threats and vulnerabilities.
- Understanding of proactive analysis of systems and networks.
- Ability to work collaboratively across physical locations.
- Action‑oriented with a proactive approach to problem solving.
- Proficiency with common operating systems (Linux/Unix, Windows).
- Experience implementing incident handling methodologies.
- Understanding of SaaS, PaaS, and IaaS in the cloud environment.
- Proficiency with one or more EDR tools: CrowdStrike, SentinelOne, Cortex, MS MDE, or Trellix.
- Proficiency with two or more host‑forensics tools: EnCase, FTK, X‑Ways, Sleuth Kit/Autopsy, SIFT, Volatility.
- Proficiency with KAPE, Wireshark, Splunk, Elastic, and all‑source research.
BS in Computer Science, Cyber Security, Computer Engineering, or related field; or HS Diploma with 7‑9 years of network/host investigations experience. Desired certifications include GCFE, GCFA, GCLD, GCPS, GCPN, GWEB, GIRD, GREM, GNFA, GCIH, GCIA, GSEC, Kubernetes Security Specialist, Microsoft 365 and Azure certifications, AWS certifications, SANS Cloud Courses (SEC541, SEC584, SEC588), GSEC (SANS 401), Network+, Security+, CEH.
Nightwing is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.