Senior Cybersecurity SME

As an employee at Partner Forces, you’ll join a team of consultants who share a passion for prioritizing collaboration, crafting solutions to mitigate risk, protecting critical infrastructure and helping our national security and industry partner tackle their most pressing challenges. At Partner Forces, we take our employees’ well-being and growth as seriously as we do our mission. You will be challenged every day, but we know that business and individual growth go hand-in-hand, so we offer a wide array of benefits that support the well-being and personal and professional development of our employees.

What we are looking for:

The Senior Cyber Analyst Subject Matter Expert (SME) will support the Cybersecurity and Infrastructure Security Agency (CISA) in designing and enhancing an improved incident response system. The ideal candidate will have deep expertise in cybersecurity, threat intelligence, and incident response, with a proven ability to develop and document repeatable SOPs and working instructions. This role plays a critical part in enabling CISA’s cybersecurity reporting and response initiatives, ensuring seamless coordination across the agency.

What you will do as a Senior Cyber Analyst SME:

Incident Analysis & Enrichment

• Analyze, enrich, and triage cybersecurity incident reports to add contextual detail.
• Identify and assess changing patterns, trends, technologies, Tactics, Techniques, and Procedures (TTPs).
• Correlate reported incidents to known threat campaigns, adversary groups, and vulnerabilities (e.g., zero-day exploits).

Operational & Strategic Support

• Assist in cyber analysis operations, ensuring adherence to CISA’s standard operating procedures, quality control standards, and best practices.
• Support federal employees in analyzing operational environments, identifying new threat activities, and providing key recommendations to leadership and the larger CISA analytic community.
• Collaborate with teams to ensure cohesive incident response and situational awareness.

Process & SOP Development

• Develop and maintain comprehensive Standard Operating Procedures (SOPs) and Working Instructions (WIs) for incident handling and cybersecurity reporting.
• Establish repeatable and effective processes for rapid threat identification, classification, and escalation.
• Conduct regular reviews and audits of existing SOPs and WIs to ensure alignment with evolving threats and organizational priorities.

Threat Intelligence Integration

• Integrate diverse threat intelligence sources (open-source, commercial, and classified) to enrich incident reports and vulnerability assessments.
• Leverage frameworks like MITRE ATT&CK and the NIST Cybersecurity Framework (CSF) to map threat behaviors and strengthen detection and response capabilities.
• Provide operationally relevant analysis of CIRCIA reporting for alignment to CISA priorities.

Communication & Coordination

• Prepare and deliver briefings, reports, and presentations to senior leadership and stakeholders on emerging threats, significant incidents, and recommended mitigation strategies.
• Foster a collaborative environment by sharing relevant threat intelligence and best practices across organizational lines.
• Support outreach efforts to federal, state, local, and private-sector partners to enhance overall cybersecurity posture.

Tool & Technology Expertise

• Identify and recommend enhancements to the incident response tool stack, including SIEM (e.g., Splunk, QRadar), Endpoint Detection and Response (EDR) solutions, Threat Intelligence Platforms (TIP) (e.g., MISP, ThreatConnect), and vulnerability management tools (e.g., Tenable Nessus, Qualys).
• Continuously evaluate cutting-edge cybersecurity technologies and make recommendations for implementation to bolster CISA’s incident response capabilities.

Qualifications:

• US Citizen (the nature of our contract requires employees be US citizens).
• Top Secret clearance required.
• At least 10 years of experience; 5-7 yeas of hands-on cybersecurity experience focused on threat analysis, threat intelligence, incident detection and incident response.
• Demonstrated success in investigating complex cybersecurity incidents and designing solutions for large-scale environments.
• Bachelor’s degree preferred.
• Strong analytical and problem-solving skills with the ability to conduct in-depth research and analysis.
• Excellent communication skills, both written and verbal, for reporting and stakeholder engagement.
• Proficiency in using cybersecurity frameworks and tools for forensic analysis.
• Experience in developing and documenting effective cybersecurity processes and procedures.
• Familiarity with emerging technologies and trends in cybersecurity.
• Strong understanding of network security principles and intrusion detection methodologies.
• Ability to identify and mitigate cybersecurity threats and vulnerabilities effectively.
• Hybrid / In-person at Arlington and Washington, DC locations.

Preferred Qualifications:

• Relevant certifications such as CISM, CEH, or GIAC.
• Experience with Mitre ATT&CK and other analytic frameworks.
• Experience in the energy sector or other critical infrastructure industries.