
Cyber Defense Analyst (Mid-Level)

INTERNETWORK CONSULTING SERVICES LLC

Suitland-Silver Hill · On-site · Full-time · Mid Level · Posted yesterday

About the role

Position Overview

ICS (A Redhawk Company) is seeking a Mid-Level Cyber Defense Analyst to support a long-term federal cybersecurity program in the Washington, DC area. This role operates within a 24/7 Watch Team environment, providing real-time monitoring, incident response, and threat analysis across enterprise systems.

The ideal candidate will have hands-on experience in cyber defense operations, incident handling, and forensic analysis, with the ability to quickly assess and respond to emerging threats in a mission-critical environment.

Key Responsibilities

  • Monitor, detect, and respond to cybersecurity incidents in a 24/7 operations environment
  • Perform incident triage, including determining scope, urgency, and impact
  • Analyze logs from multiple sources (network, host, firewall, IDS) to identify threats
  • Conduct real-time incident response, including forensic collection and remediation support
  • Correlate incident data to identify vulnerabilities and recommend mitigation strategies
  • Track and document incidents from initial detection through resolution
  • Perform cyber defense trend analysis and reporting
  • Collect and analyze intrusion artifacts (e.g., malware, trojans, source code)
  • Support Incident Response Teams (IRTs) with technical analysis and response actions
  • Coordinate with intelligence teams to align threat data and assessments
  • Monitor external threat intelligence sources (CERT, vendor advisories, security feeds)
  • Apply defense-in-depth strategies to strengthen enterprise security posture

Required Qualifications

  • Bachelor’s degree or higher
  • 5+ years of experience in one or more of the following:
    • Malware analysis
    • Digital forensics
    • Network/data analysis
    • Penetration testing
    • Information assurance / incident handling
  • Experience working in a 24x7 SOC or Watch Team environment
  • Strong understanding of:
    • Cyber threat actors (insider, nation-state, non-state actors)
    • Cyber attack lifecycle (reconnaissance through exploitation and persistence)
    • Incident response methodologies and frameworks
    • Networking protocols (TCP/IP, DNS, web, mail services)
  • Experience with intrusion detection and prevention technologies
  • Ability to support incident response in cloud environments
  • Strong written and verbal communication skills
  • Active Secret clearance or ability to obtain

Required Certifications (Must Have or Obtain Within 3 Months)

One of the following:

  • GCIH
  • CEH
  • CISSP
  • GISF
  • CERT-CSIH

Preferred Qualifications

  • Experience with malware identification, containment, and reporting
  • Knowledge of digital forensics and evidence integrity standards
  • Experience securing enterprise network communications
  • Familiarity with vulnerability classification and attack methodologies
  • Hands-on experience with:
    • SIEM / security event correlation tools
    • NIPS / IDS / anti-malware solutions
  • Experience performing damage assessments and impact analysis
  • Familiarity with OWASP Top 10 and application security risks
  • Experience supporting cloud-based incident response environments

Program Overview

This role supports a U.S. Government civilian agency delivering enterprise-level cybersecurity services, including continuous monitoring, incident response, and threat intelligence. The team operates in a high-tempo, mission-focused environment dedicated to protecting critical systems from evolving cyber threats.

Why Join ICS

At ICS, you’ll help engineer the detection and response capabilities that defend mission-critical federal systems. This role offers hands-on influence over how cyber threats are detected, analyzed, and neutralized—combining development, automation, and operational security in a high-impact national security environment.

Skills

anti-malware, CISSP, CEH, CERT-CSIH, cloud, Cyber Defense, DNS, Docker, forensics, GCIH, GISF, IDS, information assurance, incident handling, intrusion detection, malware analysis, network analysis, NIPS, OWASP, penetration testing, PostgreSQL, SIEM, TCP/IP, threat intelligence, vulnerability classification
