Host Based Systems Analyst III
Arlington, VA
Full Time
Professional Services
Experienced
Title: Host Based Systems Analyst III
Description:
Solutions³ LLC is supporting our prime contractor and their U.S. Government customer on a large mission-critical provide remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. Solutions³ LLC is seeking Cyber Network Defense Analysts (CNDA) with Cloud Forensics experience to support this critical customer mission.
Eligibility:
Required Education: BS in Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 7+ years of relevant experience
Description:
Solutions³ LLC is supporting our prime contractor and their U.S. Government customer on a large mission-critical provide remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. Solutions³ LLC is seeking Cyber Network Defense Analysts (CNDA) with Cloud Forensics experience to support this critical customer mission.
Eligibility:
- Must be a US Citizen
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability prior to starting employment
- 5+ years of direct relevant experience in cyber forensic investigations using leading tools and techniques
- Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra ID/Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration.
- Investigate and respond to incidents and attacks targeting cloud and hybrid identity.
- Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS CloudTrail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation.
- Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators.
- Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings; support development of incident response playbooks and procedures for cloud and hybrid environments.
- Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities.
- Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings.
- Strong understanding of SaaS, PaaS, and IaaS in cloud environments, and hybrid identity security.
- Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings.
- Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions.
- Knowledge of AWS, IAM, and best practices for cloud identity security.
- Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection.
- Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats.
- Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker).
Required Education: BS in Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 7+ years of relevant experience
Apply for this position
Required*