Threat Management Specialist (Tier 2) - Remote

Overview

Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in advanced threat detection, incident response, and the integration of emerging technologies such as AI and machine learning to enhance security operations. Our teams operate in diverse work environments—including on-site, hybrid, and fully remote—on contracts ranging from several months to multiple years.

We are seeking a Threat Management Specialist (Tier 2) to join our Cybersecurity Operations Center (CSOC) team. This role focuses on deep-dive incident analysis, correlating data across multiple sources, and determining the potential impact to critical systems and data. The ideal candidate will have strong expertise in network traffic analysis, intrusion detection, and AI/ML-driven automation, along with hands-on experience using advanced security platforms and threat intelligence tools.

In Short

• Identify and assess cybersecurity problems, recommending and implementing mitigating controls.
• Analyze network traffic to detect exploits, intrusions, and anomalous activity.
• Recommend and fine-tune detection mechanisms for emerging threats.
• Serve as SME on network-based attacks, traffic analysis, and intrusion methodologies.
• Escalate and coordinate advanced incident investigations with other Threat Management team members.
• Execute operational processes for incident response and remediation efforts.
• Utilize AI/ML tools to enhance threat detection, automate triage, and improve SOC efficiency.
• Perform threat intelligence analysis, adapting defenses using ML-enhanced techniques.
• Manage email security platforms (e.g., ProofPoint) and respond to phishing or targeted attacks.
• Monitor and respond to alerts across platforms including Microsoft Defender suite, Azure Entra ID, and Google Cloud SCC.

Requirements

• 3+ years of IT security experience, including exposure to AI/ML projects in cybersecurity.
• 2+ years of experience in network traffic analysis and intrusion detection/prevention.
• Strong understanding of TCP/IP, Boolean logic, network exploits, and threat management techniques.
• Experience with IDS/IPS technologies, architectures, and signature creation.
• Proficiency in Splunk, FirePower, ProofPoint, SentinelOne, and Microsoft Defender security suite.
• Hands-on experience with SOAR platforms and automation in SOC environments.
• Knowledge of cloud security (AWS, Azure, GCP).
• Proficiency in using ML frameworks for anomaly detection, threat intelligence, and behavioral analysis.
• Skills in data preprocessing, feature engineering, and working with large, complex security datasets.
• Bachelor’s degree in Computer Science, Information Technology, or related field.

Benefits

• Insurance – health, dental, and vision
• Paid Time Off (PTO) and 11 Federal Holidays
• 401(k) employer match