Cyber Network Defense Analyst (CNDA) IV - Cloud Forensics

Cyber Network Defense Analyst (CNDA) IV – Cloud Forensics

Cyber Network Defense Analyst (CNDA) - Cloud Forensics

Location: Remote / Onsite (as required) Clearance: Active TS/SCI (DHS EOD eligibility required) Company: Argo Cyber Systems, LLC - A Service-Disabled Veteran-Owned Small Business (SDVOSB)

About Argo Cyber Systems

Argo Cyber Systems delivers advanced cybersecurity and threat-hunting capabilities to safeguard federal and critical infrastructure environments. Our teams provide rapid incident response, digital forensics, proactive hunt operations, and continuous cyber defense across host-based, network-based, and cloud-based systems. We combine mission experience with innovation-empowering our customers to detect, disrupt, and defeat adversaries in real time.

Position Overview

Argo Cyber Systems is seeking Cyber Network Defense Analysts (CNDA) with deep Cloud Forensics expertise to support a high-visibility federal mission. The CNDA will lead advanced investigations into sophisticated intrusions across hybrid and multi-cloud environments, identifying attacker tactics, techniques, and procedures (TTPs), correlating artifacts, and driving containment and remediation actions in partnership with government cyber teams.

Key Responsibilities

• Conduct end-to-end forensic acquisition and analysis across on-premises, cloud, and hybrid environments (Azure AD/Entra ID, M365, AWS, GCP, SaaS).
• Investigate identity-based and credential-abuse incidents targeting cloud control planes and hybrid identity infrastructure.
• Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs).
• Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
• Produce comprehensive technical and executive-level reports, integrating findings across endpoints, networks, and cloud assets to inform threat containment and strategic recommendations.
• Support continuous improvement of incident response procedures, forensics workflows, and threat-hunting operations.
• Collaborate with Argo and government stakeholders to triage alerts, assess risk, and strengthen enterprise detection and response posture.

Required Qualifications

• U.S. Citizenship and active TS/SCI clearance (with ability to obtain DHS EOD Suitability).
• Minimum 8 years of hands-on experience conducting digital forensics and incident response (DFIR).
• Proven expertise in cloud forensics, identity security, and hybrid infrastructure defense.
• Proficiency in M365/Azure AD, AWS IAM, and SaaS investigative methodologies.
• Deep understanding of SaaS/PaaS/IaaS architectures, including common attack vectors and defensive measures.
• Skilled in evidence acquisition, volatile data capture, artifact analysis, and technical reporting.

Desired Qualifications

• Scripting and automation proficiency in PowerShell, Python, Bash, or JavaScript.
• Familiarity with Terraform, Kubernetes, Docker, CloudFormation, or Azure Resource Manager for automation and orchestration.
• Understanding of MITRE ATT&CK for Cloud and adversary emulation techniques.
• Strong communication and collaboration skills for working across multidisciplinary teams.

Education

• Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field or High School Diploma and 10+ years of directly relevant DFIR experience.

Preferred Certifications

• GIAC Cloud Defender (GCLD), GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP
• AWS and Microsoft security/cloud certifications (e.g., Azure Security Engineer, AWS Security Specialty)

Why Argo Cyber Systems

At Argo, you'll be part of a mission-driven, veteran-founded cybersecurity team protecting America's most critical systems. We combine hands-on technical excellence with operational precision to outpace the threat. Join us to defend, detect, and innovate at the cyber edge.