Responsibilities:
• Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra ID/Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration.
• Investigate and respond to incidents and attacks targeting cloud and hybrid identity.
• Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS CloudTrail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation.
• Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators.
• Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings; support development of incident response playbooks and procedures for cloud and hybrid environments.
• Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities.
• Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings.
Required Skills:
• U.S. Citizenship
• Active TS/SCI clearance
• Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
• 5+ years of experience in cyber forensic investigations with leading tools and techniques.
• Strong understanding of SaaS, PaaS, and IaaS in cloud environments, and hybrid identity security.
• Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings.
• Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions.
• Knowledge of AWS, IAM, and best practices for cloud identity security.
Desired Skills:
• Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection.
• Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats.
• Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker).
Required Education:
BS in Computer Science, Cybersecurity, Computer Engineering, or related field; OR HS Diploma with 7+ years relevant experience.
Desired Certifications:
GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS or Microsoft Cloud/Security certifications