Host Based Systems Analyst III

About ARSIEM Corporation At ARSIEM Corporation we are committed to fostering a proven and trusted partnership with our government clients.  We provide support to multiple agencies across the United States Government.  ARSIEM has an experienced workforce of qualified professionals committed to providing the best possible support. As demand increases, ARSIEM continues to provide reliable and cutting-edge technical solutions at the best value to our clients.  That means a career packed with opportunities to grow and the ability to have an impact on every client you work with. ARSIEM is looking for a Cyber Network Defense Analyst (CNDA) with Cloud Forensics experience. This position will support one of our Government clients in Arlington, VA. Clearance Requirement: This position requires an Active TS/SCI clearance and the ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability. Candidate Referral: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The bonus for this position is $3,500,  and the referrer is eligible to receive the sum for any applicant we place within 12 months of referral. The bonus is paid after the referred employee reaches 6 months of employment. ARSIEM is proud to be an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class. Responsibilities Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra ID/Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration. Investigate and respond to incidents and attacks targeting cloud and hybrid identity. Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS CloudTrail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation. Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators. Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings; support development of incident response playbooks and procedures for cloud and hybrid environments. Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities. Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings. Minimum Qualifications BS in Computer Science, Cybersecurity, Computer Engineering, or related field; OR HS Diploma with 7+ years relevant experience. 5+ years of experience in cyber forensic investigations with leading tools and techniques. Strong understanding of SaaS, PaaS, and IaaS in cloud environments and hybrid identity security. Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings. Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions. Knowledge of AWS, IAM, and best practices for cloud identity security. Preferred Qualifications Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection. Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats. Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker). GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS, or Microsoft Cloud/Security certifications.

{
  "content_hash": "b8dbc6e7e4cde077c1634f1c732a95c3d47c4511f9e3645eb6eac0a595caa8df",
  "source_hash": "3304d2070f3be2e0ceb707507e0abdd279922b04a28cb87400eea8bdd55713af",
  "last_changed_at": "2026-05-29T07:08:33.097Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Arlington, VA",
    "city": "Arlington",
    "region": "VA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T18:44:29.842Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Arlington, VA",
      "city": "Arlington",
      "region": "VA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": "on_site",
  "salary_currency": null
}

{}

{
  "lists": [
    {
      "text": "Responsibilities",
      "content": "\n<li>Conduct forensic acquisition and analysis from on-premises and cloud platforms (Entra ID/Azure AD, M365, AWS, GCP, SaaS) to identify compromise activity, persistence mechanisms, and data exfiltration.</li>\n<li>Investigate and respond to incidents and attacks targeting cloud and hybrid identity.</li>\n<li>Correlate cloud control-plane events and network telemetry (e.g., Azure Activity Logs, AWS CloudTrail, VPC Flow Logs) to reconstruct attacker timelines, validate IOCs, and identify post-compromise privilege escalation.</li>\n<li>Develop and operationalize detection logic and automation using cloud-native tools (Microsoft Defender, Sentinel, AWS GuardDuty, GCP Chronicle) and scripting (PowerShell, Python, Bash), integrating threat intelligence feeds and indicators.</li>\n<li>Produce technical reports, incident documentation, and containment recommendations integrating cloud, identity, and endpoint findings; support development of incident response playbooks and procedures for cloud and hybrid environments.</li>\n<li>Support cloud development and automation projects to enhance threat emulation, investigative, and hunting capabilities.</li>\n<li>Coordinate with internal teams, government staff, and external stakeholders to validate alerts and investigate preliminary findings.</li>\n"
    },
    {
      "text": "Minimum Qualifications",
      "content": "\n<li>BS in Computer Science, Cybersecurity, Computer Engineering, or related field; OR HS Diploma with 7+ years relevant experience.</li>\n<li>5+ years of experience in cyber forensic investigations with leading tools and techniques.</li>\n<li>Strong understanding of SaaS, PaaS, and IaaS in cloud environments and hybrid identity security.</li>\n<li>Expertise in acquiring forensically sound evidence, analyzing attacks, and reporting findings.</li>\n<li>Knowledge of M365/Azure, hybrid identity, and threats targeting these solutions.</li>\n<li>Knowledge of AWS, IAM, and best practices for cloud identity security.</li>\n"
    },
    {
      "text": "Preferred Qualifications",
      "content": "\n<li>Strong API and scripting skills (PowerShell, Python, Bash, JavaScript) for automation and threat detection.</li>\n<li>Knowledge of common and advanced cloud attacks and techniques, and how to detect and mitigate these threats.</li>\n<li>Proficiency with cloud automation and orchestration tools (Terraform, Kubernetes, CloudFormation, Azure Resource Manager, Docker).</li>\n<li>GCLD, GCFR, GCFA, GCFE, GCIH, EnCE, CCE, CFCE, CISSP, CCSP, AWS, or Microsoft Cloud/Security certifications.</li>\n"
    }
  ],
  "country": "US",
  "createdAt": 1761270568051,
  "updatedAt": null,
  "categories": {
    "team": "0008-0003",
    "location": "Arlington, VA",
    "commitment": "Full-time",
    "department": "Systems Analyst",
    "allLocations": [
      "Arlington, VA"
    ]
  },
  "salaryRange": null,
  "workplaceType": "onsite"
}