ARGO Cyber Systems, LLC

Cyber Network Defense Analyst (CNDA) IV – Cloud Forensics

ARGO Cyber Systems, LLC, Arlington, Virginia, United States, 22201


Cyber Network Defense Analyst (CNDA) - Cloud Forensics

Location: Remote / Onsite (as required)

Clearance: Active TS/SCI (DHS EOD eligibility required)

Company: Argo Cyber Systems, LLC - A Service-Disabled Veteran-Owned Small Business (SDVOSB)

About Argo Cyber Systems

Argo Cyber Systems delivers advanced cybersecurity and threat-hunting capabilities to safeguard federal and critical infrastructure environments. Our teams provide rapid incident response, digital forensics, proactive hunt operations, and continuous cyber defense across host-based, network-based, and cloud-based systems. We combine mission experience with innovation, empowering our customers to detect, disrupt, and defeat adversaries in real time.

Position Overview

Argo Cyber Systems is seeking Cyber Network Defense Analysts (CNDA) with deep Cloud Forensics expertise to support a high-visibility federal mission. The CNDA will lead advanced investigations into sophisticated intrusions across hybrid and multi-cloud environments, identifying attacker tactics, techniques, and procedures (TTPs), correlating artifacts, and driving containment and remediation actions in partnership with government cyber teams.

Key Responsibilities

Conduct end-to-end forensic acquisition and analysis across on-premises, cloud, and hybrid environments (Azure AD/Entra ID, M365, AWS, GCP, SaaS).

Investigate identity-based and credential-abuse incidents targeting cloud control planes and hybrid identity infrastructure.

Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs).

Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.

Produce comprehensive technical and executive-level reports, integrating findings across endpoints, networks, and cloud assets to inform threat containment and strategic recommendations.

Support continuous improvement of incident response procedures, forensics workflows, and threat-hunting operations.

Collaborate with Argo and government stakeholders to triage alerts, assess risk, and strengthen enterprise detection and response posture.

Required Qualifications

U.S. Citizenship and active TS/SCI clearance (with ability to obtain DHS EOD Suitability).

Minimum 8 years of hands-on experience conducting digital forensics and incident response (DFIR).

Proven expertise in cloud forensics, identity security, and hybrid infrastructure defense.

Proficiency in M365/Azure AD, AWS IAM, and SaaS investigative methodologies.

Deep understanding of SaaS/PaaS/IaaS architectures, including common attack vectors and defensive measures.

Skilled in evidence acquisition, volatile data capture, artifact analysis, and technical reporting.

Desired Qualifications

Scripting and automation proficiency in PowerShell, Python, Bash, or JavaScript.

Familiarity with Terraform, Kubernetes, Docker, CloudFormation, or Azure Resource Manager for automation and orchestration.

Understanding of MITRE ATT&CK for Cloud and adversary emulation techniques.

Strong communication and collaboration skills for working across multidisciplinary teams.

Education

Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field, or High School Diploma and 10+ years of directly relevant DFIR experience.

Preferred Certifications

GIAC Cloud Defender (GCLD), GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP

AWS and Microsoft security/cloud certifications (e.g., Azure Security Engineer, AWS Security Specialty)

Why Argo Cyber Systems

At Argo, you'll be part of a mission-driven, veteran-founded cybersecurity team protecting America's most critical systems. We combine hands-on technical excellence with operational precision to outpace the threat. Join us to defend, detect, and innovate at the cyber edge.
