Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in advanced threat detection, incident response, malware analysis, and integrating Artificial Intelligence (AI) and Machine Learning (ML) into SOC operations. Our teams operate in diverse work environments—including on-site, hybrid, and fully remote—on contracts ranging from several months to multiple years.
We are seeking a Threat Management Specialist (Tier 3) to serve as a senior Cybersecurity Operations Center (CSOC) analyst, focusing on the detection, containment, and remediation of advanced persistent threats (APT) and other sophisticated adversary campaigns. The ideal candidate will have expertise in malware analysis, reverse engineering, and network intrusion investigations, with a proven ability to integrate AI/ML-driven detection capabilities into security workflows. This role operates Monday–Friday, 7:00 AM to 4:00 PM.
This is a hybrid role requiring on-site presence approximately 2-3 days/week in Mooresville, NC.
Key Responsibilities:
- Detect and analyze complex intrusion attempts, including APT behaviors across multiple attack vectors.
- Conduct malware containment, remediation, and reverse engineering to determine entry methods, attack intent, and potential impact.
- Perform packet analysis and create custom monitoring policies and signatures in detection tools.
- Investigate command-and-control (C2) communications, malicious attachments, and URLs.
- Generate Indicators of Compromise (IOCs) and perform advanced threat hunting using Splunk Cloud/ES, SentinelOne Deep Visibility, and other platforms.
- Manage and respond to security alerts across Microsoft Defender for Cloud Apps, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Entra ID (formerly Azure AD), and Google Cloud Security Command Center.
- Utilize AI/ML-based tools for anomaly detection, triage automation, and enhanced threat intelligence.
- Collaborate with data scientists and engineers to embed AI-driven detection into security infrastructure.
- Work with law enforcement partners when necessary to hand off investigative findings.
- Support SOC automation and orchestration through AI/ML and SOAR integration.
Required Skills & Qualifications:
- 3+ years in IT operations and 3+ years in incident response, malware analysis, or threat hunting.
- Advanced knowledge of APT detection, mitigation, and adversary tradecraft.
- Proficiency in static and live malware analysis, binary disassembly, and reverse engineering.
- Strong understanding of TCP/IP, network security architecture, IDS/IPS signatures, and anomaly detection.
- Hands-on experience with SentinelOne, Splunk ES/SOAR, ServiceNow IR, Proofpoint, Sourcefire, AWS, Azure, Okta, and O365.
- Familiarity with DMARC, DKIM, SPF, and cloud security integrations (Azure/O365/Google Cloud).
- Experience investigating targeted intrusions through complex network environments.
- Proficiency in developing automation and AI/ML use cases in a SOC context.
- Bachelor’s degree in Computer Science, Information Technology, or related field.
- Certifications such as GCIH, CEH, ECIH, GREM (or equivalent) preferred.
Schedule: Monday – Friday, 7:00 AM to 4:00 PM