Defensive Security Analyst

About

We’re hiring a Defensive Security Analyst to join a small, high-impact security operations team doing serious work in a classified (TS/SCI) environment.

This isn’t a checkbox role. You’ll be hands‑on — triaging incidents, building detections, hunting threats, and writing automation that actually makes the team faster. If you’ve come up through security ops or detection engineering and want to work on infrastructure that matters, read on.

What you’ll be doing

• Rotating through on‑call IR shifts, triaging tickets and driving incidents to resolution
• Analyzing alerts from Splunk and custom platforms — separating signal from noise
• Building and maintaining detection logic across AWS and Linux infrastructure
• Running threat hunting exercises across network segments to surface existing compromises
• Conducting host, memory, and network forensics in support of active investigations
• Writing automation to accelerate triage and response workflows
• Onboarding new log sources and engineering detection coverage for new infra components
• Collaborating with cloud infrastructure and ops teams in a high‑side environment
• Producing clear, concise incident summaries for senior stakeholders

What we’re looking for

• 2–5 years in incident response, security operations, or detection engineering
• Active TS/SCI clearance (or eligibility for reinstatement) — non‑negotiable
• Comfortable on Linux and in AWS environments
• Hands‑on with Splunk or similar SIEM platforms
• Bonus: memory forensics, threat hunting, or systems engineering background

Comp & logistics

• $145,000–$200,000 base salary
• RSUs potential sign‑on bonus
• On‑site in Washington, D.C. (near Georgetown) — SCIF access required within 1 hour when on call
• Relocation assistance considered for the right candidate
• US work authorization required; visa sponsorship not available