Cyber Network Defense Analyst (CNDA) IV – Cloud Forensics
Quick Summary
Location: Remote / Onsite (as required)
Clearance: Active TS/SCI (DHS EOD eligibility required)
Company: Argo Cyber Systems, LLC - A Service-Disabled Veteran-Owned Small Business (SDVOSB)
Argo Cyber Systems delivers advanced cybersecurity and threat-hunting capabilities to safeguard federal and critical infrastructure environments. Our teams provide rapid incident response, digital forensics, proactive hunt operations, and continuous cyber defense across host-based, network-based, and cloud-based systems. We combine mission experience with innovation, empowering our customers to detect, disrupt, and defeat adversaries in real time.
Argo Cyber Systems is seeking Cyber Network Defense Analysts (CNDA) with deep Cloud Forensics expertise to support a high-visibility federal mission. The CNDA will lead advanced investigations into sophisticated intrusions across hybrid and multi-cloud environments, identifying attacker tactics, techniques, and procedures (TTPs), correlating artifacts, and driving containment and remediation actions in partnership with government cyber teams.
Responsibilities
- Conduct end-to-end forensic acquisition and analysis across on-premises, cloud, and hybrid environments (Azure AD/Entra ID, M365, AWS, GCP, SaaS).
- Investigate identity-based and credential-abuse incidents targeting cloud control planes and hybrid identity infrastructure.
- Correlate cloud telemetry (Azure Activity Logs, AWS CloudTrail, GCP Logs, VPC Flow Logs) and network evidence to reconstruct attacker timelines and validate indicators of compromise (IOCs).
- Develop and deploy automated detection logic, threat-hunting scripts, and analytical playbooks using Microsoft Sentinel, Defender, AWS GuardDuty, and GCP Chronicle.
- Produce comprehensive technical and executive-level reports, integrating findings across endpoints, networks, and cloud assets to inform threat containment and strategic recommendations.
- Support continuous improvement of incident response procedures, forensics workflows, and threat-hunting operations.
- Collaborate with Argo and government stakeholders to triage alerts, assess risk, and strengthen enterprise detection and response posture.
Requirements
- U.S. Citizenship and active TS/SCI clearance (with ability to obtain DHS EOD Suitability).
- Minimum 8 years of hands-on experience conducting digital forensics and incident response (DFIR).
- Proven expertise in cloud forensics, identity security, and hybrid infrastructure defense.
- Proficiency in M365/Azure AD, AWS IAM, and SaaS investigative methodologies.
- Deep understanding of SaaS/PaaS/IaaS architectures, including common attack vectors and defensive measures.
- Skilled in evidence acquisition, volatile data capture, artifact analysis, and technical reporting.
- Scripting and automation proficiency in PowerShell, Python, Bash, or JavaScript.
- Familiarity with Terraform, Kubernetes, Docker, CloudFormation, or Azure Resource Manager for automation and orchestration.
- Understanding of MITRE ATT&CK for Cloud and adversary emulation techniques.
- Strong communication and collaboration skills for working across multidisciplinary teams.
- Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or a related field, or High School Diploma and 10+ years of directly relevant DFIR experience.
Nice to Have
- GIAC Cloud Defender (GCLD), GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP
- AWS and Microsoft security/cloud certifications (e.g., Azure Security Engineer, AWS Security Specialty)
At Argo, you'll be part of a mission-driven, veteran-founded cybersecurity team protecting America's most critical systems. We combine hands-on technical excellence with operational precision to outpace the threat. Join us to defend, detect, and innovate at the cyber edge.
Listing Details
- First seen: May 6, 2026
- Last seen: June 10, 2026
Posting Health
- Days active: 35
- Repost count: 0
- Trust Level: 14%
- Scored at: June 10, 2026