We’re Hiring

Visual Connections, LLC seeking a Sr. Cyber Defense Analyst.

Onsite (Martinsburg, WV) 

At Visual Connections, cybersecurity is part of a broader suite of capabilities designed to help government and commercial customers modernize and secure their operations. Our offerings include program and portfolio management, AI/automation, UX engineering, enterprise app development, data analytics, and telecom infrastructure. Proudly veteran-owned, our teams deliver robust cyber defense—threat detection, incident response, continuous monitoring—alongside agile IT and data services. If you seek to grow in a collaborative, mission-centered culture, partnering with agencies like DoD, HHS, CMS, and CDC, Visual Connections is your place to drive real impact.

Job Summary

As a Sr. Cyber Defense Analyst supporting the Department of Veterans Affairs, you will serve as a critical leader in the design, development, and operationalization of advanced cybersecurity monitoring and detection capabilities. In this role, you’ll configure and tune a range of security monitoring tools—including Splunk, Microsoft Sentinel, Defender for Endpoint, and SOAR platforms—to identify and respond to sophisticated cyber threats in real time. Your responsibilities will include crafting custom detection logic and queries, mapping threat activity to the MITRE ATT&CK framework, and applying machine learning and pattern analysis to strengthen defenses. You’ll play a key role in onboarding new data sources, developing detection playbooks, and ensuring high-quality, actionable security analytics across VA’s cloud, SaaS, identity, and networking environments. You’ll collaborate with incident response, forensics, and threat intelligence teams, providing expert guidance and clear communication to both technical and non-technical stakeholders. By participating in cyber exercises and regularly assessing the efficacy of analytics and automation, you’ll help maintain a resilient and proactive security posture for the VA making a direct impact on protecting veteran data and government systems.

Responsibilities

• Configure monitoring tools to detect threat actor techniques and/or behavioral indicators

• Craft custom search queries using Splunk (SPL), as well as Microsoft Defender for Endpoint and Microsoft Sentinel (KQL)

• Provide subject matter expertise to support security detections in one of the following areas:

• Cloud technologies

• SaaS

• Identity and access management

• Networking

• Splunk

• EDR

• Map security detections to the MITRE ATT&CK Framework

• Research and develop configuration recommendations to facilitate operationalization of new data sources for detection of adversarial activities

• Use machine learning and pattern analysis to improve detection of specific types of threats

• Collaborate effectively with cross-functional teams, including incident response, forensics, threat intelligence, IT, and network administrators

• Clearly communicate technical information and detection-related updates to management and stakeholders

• Develop and operationalize advanced security analytics to detect and respond to sophisticated cyber threats in near real-time

• Develop and implement detection feedback processes - e.g., tuning false positives, decommissioning, etc.

• Ensure completeness and consistency regarding data quality of detections

• Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy

• Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate detection and incident response, including enrichment, containment, and remediation actions

• Support the operationalization of new security detections, including building reference documentation, investigation guidelines, and tuning considerations

• Stay informed about the latest cybersecurity threats, trends, and best practices

• Actively participate in cybersecurity exercises, drills, and simulations to improve incident response understanding

Requirements

• Candidates must possess a professional level certification in one of the following subject areas:

• Cloud (ex: GLCD, GCFR)

• Detection engineering (ex: GCDA)

• Incident Response/Forensics (ex: GCIH, GCFE, GNFA)

• IDAM (ex: Microsoft Identity and Access Administrator Associate)

• SIEM (ex: Splunk Power User)

• Bachelor's degree in computer science, cybersecurity, information technology, or a related field (or equivalent work experience)

• 8+ years of experience supporting large-scale IT related projects

• 4+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)

• A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure the SOC operates effectively in a high-pressure environment

• Strong experience with security technologies including SIEM, IDS/IPS, EDR, and network monitoring tools

• Experience with security focused cloud-native tooling such as Azure Sentinel and AWS GuardDuty

• Experience with enterprise ticketing systems like ServiceNow

• Excellent analytical and problem-solving skills

• Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight

• Ability to function in multiple capacities and learn quickly

• Strong verbal and written communication skills

Other Information:

Work locations: Onsite Martinsburg, WV