Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in advanced threat detection, incident response, and the integration of emerging technologies such as AI and machine learning to enhance security operations. Our teams operate in diverse work environments—including on-site, hybrid, and fully remote—on contracts ranging from several months to multiple years.
We are seeking a Threat Management Specialist (Tier 2) to join our Cybersecurity Operations Center (CSOC) team. This role focuses on deep-dive incident analysis, correlating data across multiple sources, and determining the potential impact to critical systems and data. The ideal candidate will have strong expertise in network traffic analysis, intrusion detection, and AI/ML-driven automation, along with hands-on experience using advanced security platforms and threat intelligence tools.
This role is a hybrid role that requires on-site presence approximately 2-3 days/week in Mooresville, NC.
There are two positions open for this role. The schedule for each is below:
Schedule 1: Mon - Fri: 7:00 AM to 4:00 PM EST
Schedule 2: Tues & Wed: 10:00 AM to 7:00 PM, Sat & Su: 10:00 AM to 10:30 PM EST
Key Responsibilities:
- Identify and assess cybersecurity problems, recommending and implementing mitigating controls.
- Analyze network traffic to detect exploits, intrusions, and anomalous activity.
- Recommend and fine-tune detection mechanisms for emerging threats.
- Serve as SME on network-based attacks, traffic analysis, and intrusion methodologies.
- Escalate and coordinate advanced incident investigations with other Threat Management team members.
- Execute operational processes for incident response and remediation efforts.
- Utilize AI/ML tools to enhance threat detection, automate triage, and improve SOC efficiency.
- Perform threat intelligence analysis, adapting defenses using ML-enhanced techniques.
- Manage email security platforms (e.g., ProofPoint) and respond to phishing or targeted attacks.
- Configure and manage Splunk, FirePower, and SentinelOne for proactive threat monitoring.
- Monitor and respond to alerts across platforms including Microsoft Defender suite, Azure Entra ID, and Google Cloud SCC.
- Tune security policies, improve detection capabilities, and support ongoing SOC process improvement.
- Stay informed on evolving threat landscapes, adversary tactics, and AI/ML advancements in cybersecurity.
- Identify and implement automation and AI use cases to strengthen SOC capabilities.
Required Skills & Qualifications:
- 3+ years of IT security experience, including exposure to AI/ML projects in cybersecurity.
- 2+ years of experience in network traffic analysis and intrusion detection/prevention.
- Strong understanding of TCP/IP, Boolean logic, network exploits, and threat management techniques.
- Experience with IDS/IPS technologies, architectures, and signature creation.
- Proficiency in Splunk, FirePower, ProofPoint, SentinelOne, and Microsoft Defender security suite.
- Hands-on experience with SOAR platforms and automation in SOC environments.
- Knowledge of cloud security (AWS, Azure, GCP).
- Proficiency in using ML frameworks for anomaly detection, threat intelligence, and behavioral analysis.
- Skills in data preprocessing, feature engineering, and working with large, complex security datasets.
- Strong communication, documentation, and stakeholder engagement skills.
- Bachelor’s degree in Computer Science, Information Technology, or related field.
- Industry certifications (GCED, GSEC, CISSP, SSCP) preferred.
Clearance Requirement: U.S. citizenship or lawful permanent residency required.
Benefits:
- Insurance – health, dental, and vision
- Paid Time Off (PTO) and 11 Federal Holidays
- 401(k) employer match