Cyber Defense Operator

Cyber Defense Operations Analyst
Location: On-site at Lackland, AFB
Clearance Required: Active TS/SCI
Experience Level: Junior Level (with relevant technical experience)

About the Opportunity

TEKsystems is supporting a high-visibility Cyber Defense Operations (CDO) mission responsible for defending one of the largest and most complex networks in the Department of Defense. Analysts provide 24/7 real-time monitoring, detection, and response against advanced cyber threats, working within a highly collaborative, mission-critical environment.
This role is ideal for professionals passionate about hands-on security operations, intrusion detection, threat analysis, and incident triage-especially those with SOC experience and advanced digital forensics knowledge.

What You'll Work On

• Investigate endpoint security alerts using tools such as Tanium and Microsoft Defender for Endpoint.
• Analyze security events using SIEM, EDR, IDS, and malware analysis platforms to triage and complete cyber investigations.
• Triage and resolve high-volume alerts (700+ annually), ensuring accurate classification of malicious, benign, or contained activity.
• Detect and validate threat activity-including live Red Team engagements-to strengthen defensive cyber operations.
• Research emerging threats, adversary TTPs, and apply intelligence to improve SOC detection capabilities.
• Tune detection logic to reduce false positives and identify emerging cyber behaviors.
• Conduct continuous 24/7 network monitoring to identify intrusions across DoD-monitored environments.
• Mentor junior analysts, refine SOPs, and support training as a qualified instructor for Cyber Defense Operator processes and tools.

Nature of the Work (Core Responsibilities)

• Review IDS/IPS alerts and conduct host-based security monitoring in alignment with AFCERT Operating Instructions.
• Analyze logs, traffic, and host-based events to determine intrusion scope and required escalation.
• Use SIEM and IDS platforms to correlate suspicious activity with network-level data and DoD intelligence resources (e.g., Big Data Platform).
• Document all investigative activity using mission case management systems with a high level of accuracy.
• Generate mission reports, shift handoffs, performance metrics, and operational summaries.
• Support Air Force units with cybersecurity guidance related to vulnerability management and risk reduction.
• Provide tailored analysis during contingency operations, named missions, and cyber defense exercises.
• Execute scoped endpoint actions to identify compromised accounts, files, domains, processes, or registry artifacts.
• Perform approved response actions to contain threats and disrupt malicious activity.
• Analyze threat intelligence (IoCs, TTPs, vulnerabilities) mapped to the MITRE ATT&CK Framework.
• Maintain situational awareness and communicate operational updates to the Mission Lead and Crew Commander.
• Conduct periodic security checks of the facility and initiate emergency protocols as needed.
• Participate in mission planning, debriefs, detection tuning, and continuous process improvement.

Required Qualifications

Clearance

• Active TS/SCI clearance (mandatory for mission access)

Experience

• Experience in Cybersecurity, SOC operations, Incident Response, or Network Defense
• Familiarity with:
  • Intrusion detection/IPS systems (DoD experience preferred)
  • SIEM tools and event analysis
  • Endpoint detection/forensics concepts
  • TCP/IP, DNS, OSI model, and common network protocols (FTP, SMTP, HTTP, etc.)
• Strong analytical skills and ability to work in a fast-paced, 24/7 operations environment
• Understanding of MITRE ATT&CK framework and how it applies to detection engineering

Certifications

(Not all required, but highly valued and make candidates especially competitive)

• GCFA, GCIH, GCIA, Sec+, CYSA+, CEH, or other DoD 8570-approved certifications
• Any digital forensics or incident response certification is a strong differentiator for this role

Technical Skill Areas

• IDS/IPS monitoring
• SIEM log analysis
• Endpoint detection tools
• Incident triage and documentation
• Threat intel interpretation (IoCs, TTPs, vulnerabilities)
• Understanding of enterprise-scale defensive cyber operations

Job Type & Location
This is a Contract position based out of San Antonio, TX.
Pay and Benefits
The pay range for this position is $40.00 - $55.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in San Antonio,TX.
Application Deadline
This position is anticipated to close on Mar 9, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.