Threat Analyst - Digital Forensics & Incident Reponse

Dragonfli Group is a cybersecurity and IT consulting firm based in Washington, DC, serving clients across federal and commercial sectors. We deliver high-impact solutions in cybersecurity, cloud engineering, and digital modernization. Dragonfli consultants operate in hybrid, remote, and on-site environments on engagements ranging from 6 to 36 months.

We are seeking a Threat Analyst to support a critical Digital Forensics and Incident Response (DFIR) program at a large government agency. In this role, you will triage escalated security events, investigate potential threats, and correlate intelligence data to deliver actionable insights to stakeholders across the enterprise.

You’ll work alongside cyber and intelligence professionals to help maintain situational awareness, mitigate cyber risks, and advance the agency’s cybersecurity maturity. The position requires a strong background in incident response, detection engineering, and forensic analysis—as well as experience applying AI/ML concepts in SECOPS environments. Hands-on familiarity with Splunk, Sentinel One, Armis, and SNA is highly preferred.

This is a fully remote position. All work must be conducted from within the continental U.S. Candidates must be U.S. citizens or lawful permanent residents. 

Responsibilities

• Triage security escalations and detections to determine scope, severity, and root cause
• Monitor security events and threat feeds to identify patterns and indicators
• Conduct deep-dive forensic investigations into cyber incidents
• Analyze and synthesize threat data with other intelligence inputs
• Collaborate across teams to fuse threat insights into operational actions
• Recommend improvements to threat detection and response capabilities
• Provide technical documentation and briefing support to program leadership
• Stay current on emerging technologies and evolving threat actors

Must-have:

• 10+ years of cybersecurity experience
• Proven incident responder with hands-on DFIR responsibilities
• Experience integrating AI/ML into cyber operations or detection workflows
• Familiarity with one or more tools: Splunk, Sentinel One, Armis, SNA
• Strong written and verbal communication skills
• Able to explain complex technical issues to non-technical stakeholders

Preferred:

• Experience supporting cybersecurity programs within federal civilian agencies
• Exposure to intelligence-led threat modeling and cyber counterintelligence practices
• Knowledge of cross-functional security operations and team collaboration

• Insurance – health, dental, and vision
• PTO and 11 Federal Holidays
• 401(k) employer match