Dragonfli Group

5 open positions available

1 location
2 employment types: contractor, full-time
Actively hiring

Latest Positions

Showing 5 most recent jobs

Threat Management Specialist, Tier 2

Dragonfli Group | Anywhere | contractor
Compensation: Not specified

Summary: The Threat Management Specialist will perform deep-dive investigations across threat surfaces, enhance detection rules, and guide remediation actions. They will also operationalize AI/ML and SOAR technologies to improve incident response speed and accuracy.

Candidate profile: Candidates should have a BA or BS in a related field and at least 3 years of IT security experience, including exposure to AI/ML projects. Strong knowledge of network traffic analysis, threat management, and cybersecurity automation is essential.

Description

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

Dragonfli Group is hiring a Threat Management Specialist (Tier 2) to support a large federal agency in advancing its Cybersecurity Operations Center (CSOC). This is a remote, contract-based opportunity where your expertise will directly shape how federal systems respond to and defend against emerging cyber threats.

In this role, you’ll be more than just a responder—you’ll be a force multiplier. You’ll perform deep-dive investigations across threat surfaces, enhance detection rules, and guide remediation actions. As part of a high-performance team, you’ll also have the unique opportunity to operationalize AI/ML and SOAR technologies to improve incident response speed and accuracy. This is the ideal role for a hands-on analyst who thrives on pattern recognition, continuous learning, and working with next-gen detection platforms like SentinelOne, Splunk, Microsoft Defender XDR, Proofpoint, and FirePower.

Responsibilities

Identify cybersecurity problems which may require mitigating controls
Analyze network traffic to identify exploit or intrusion-related attempts
Recommend detection mechanisms for exploit and/or intrusion-related attempts
Provide subject matter expertise on network-based attacks, network traffic analysis, and intrusion methodologies
Escalate items which require further investigation to other members of the Threat Management team
Execute operational processes in support of response efforts to identified security incidents
Utilize AI/ML-based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence
Perform and analyze threat intelligence to assess risk and adapt defenses using ML-enhanced tools
Manage email security using Proofpoint, monitor for threats, and promptly respond to attacks
Configure Splunk for log analysis, create alerts, and investigate security incidents diligently
Set up FirePower for network monitoring, analyze traffic patterns, and enforce robust security measures
Deploy SentinelOne agents efficiently, monitor alerts closely, and conduct thorough security assessments
Monitor, review, and respond to security alerts and incidents across multiple platforms including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud Security Command Center (SCC)
Perform threat detection and analysis, investigate suspicious activity, coordinate incident response efforts, and implement remediation actions
Tune security policies, maintain visibility into cloud and endpoint environments, and support continuous improvement of the organization’s security posture
Stay current on the latest cybersecurity trends, threat actors, and AI/ML research relevant to the field
Identify and support automation use cases, including the use of AI/ML to enhance SOC capabilities
Collaborate across Operations to provide SOC enhancement capabilities through the use of automation and AI

Requirements

Educational Requirements:
BA or BS in Computer Science, Information Technology or related field
One or more relevant certifications such as GIAC Certified Enterprise Defender (GCED), GIAC Certified Security Essentials (GSEC), CISSP, or SSCP desired

Other Requirements:
3+ years IT security experience with at least some exposure to AI/ML projects
2+ years’ experience in network traffic analysis
Strong working knowledge of: Boolean Logic, TCP/IP Fundamentals, Network Level Exploits, Threat Management
Knowledge of Control Frameworks and Risk Management techniques
Excellent oral and written communication skills and excellent interpersonal and organizational skills
Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies
Strong understanding of common IDS/IPS architectures and implementations
Strong understanding of IDS/IPS signatures, content creation and signature characteristics, including both signature-based and anomaly-based analysis and detection
Experience with cloud security (AWS, Azure, GCP)
Hands-on experience with cybersecurity automation (e.g., SOAR platforms)
Proficiency in using machine learning frameworks to develop, train, and deploy models for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity contexts
Skills in data analysis and feature engineering, with the ability to preprocess and transform large datasets from various sources (e.g., logs, network traffic) to extract relevant features for machine learning models aimed at identifying security incidents and vulnerabilities
Familiarity with the application of AI/ML techniques in cybersecurity, including but not limited to automated threat detection, incident response automation, and predictive analytics
Experience in evaluating the effectiveness of AI/ML solutions in a SOC environment is a plus
Understanding and experience identifying and implementing automation use cases

Skill(s)

3+ years of IT security experience, with exposure to AI/ML use cases
2+ years in deep network traffic or IDS/IPS analysis
Experience with tools such as Splunk, Proofpoint, FirePower, SentinelOne, Microsoft Defender Suite
Working knowledge of threat detection, Boolean logic, cloud security (AWS, Azure, GCP), and SOAR automation
Skilled in analyzing logs, building detection features, and applying ML to enhance security outcomes
Certifications like GCED, GSEC, CISSP, or SSCP are a plus

Benefits

Insurance - health, dental, vision
PTO & 11 Federal Holidays
401(k), employer match

Travel: None

Cybersecurity
Network Traffic Analysis
Incident Response
Threat Detection
AI/ML
Cloud Security
Automation
Data Analysis
Feature Engineering
IDS/IPS
Log Analysis
Security Policies
Threat Intelligence
Communication Skills
Interpersonal Skills
Organizational Skills
Posted 5 days ago

Data Security Specialist - Cloud & Encryption

Dragonfli Group | Anywhere | full-time
Compensation: $90K - 130K a year

Summary: Implement and support encryption, DLP, and secure file sharing technologies while providing technical leadership and automating security processes.

Candidate profile: Requires 3+ years in data security or cybersecurity engineering with experience in DLP, encryption tools, Microsoft enterprise environments, scripting with APIs, and knowledge of AI and Postgres SQL.

Description

The Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC. We partner with both federal agencies and major commercial enterprises to deliver expert services in data protection, secure architecture, and digital modernization. Our teams work in diverse settings — on-site, hybrid, and fully remote — supporting projects that range from short-term engagements to multi-year programs.

We are seeking a Data Security Specialist to support a remote contract with a large federal agency focused on digital infrastructure and secure data delivery. This role is ideal for someone who thrives in fast-moving environments, can work independently, and brings solid experience in encryption, data loss prevention (DLP), and cloud security architecture. You’ll support secure communication practices and help implement policies that ensure data integrity both at rest and in transit.

This is a remote opportunity with occasional after-hours support. Candidates must be U.S. Citizens or Permanent Residents and must be able to demonstrate technical proficiency without the use of AI tools.

Key Responsibilities

Implement and support encryption, DLP, and secure file sharing technologies
Analyze and recommend tools to protect data at rest and in motion
Provide technical leadership on projects involving data security policy and tools
Collaborate with IT teams and stakeholders to deliver enterprise data protection solutions
Automate security processes using APIs and custom scripting
Proactively communicate on known risks, patches, and security advisories
Participate in moderate to complex project work with minimal supervision
Perform upgrades, configuration, and integration of data security tools
Offer escalation support for high-severity incidents
Maintain knowledge of modern IT architecture, including AI technologies

Requirements

3+ years in a data security, cloud security, or cybersecurity engineering role
Experience administering and supporting data loss protection, data encryption tools, and email security, including Cloud, Desktop, and File Share Encryption technologies
Significant internal and external file sharing and protection experience in a Microsoft enterprise environment
Strong understanding of artificial intelligence concepts and technologies
Provides data security guidance, recommendations, and best practices
Proficient in understanding the role of digital certificates and certificate authorities in ensuring secure communication over networks
Assist with data security component upgrades, installs, testing, and configuration
Provide a single point of contact and hands-on escalation and remediation for critical issues
Experienced in scripting with APIs to automate processes, integrate systems, and streamline data exchange between applications
Respond rapidly to unplanned events, including after-hours support when needed
Proactively communicate relevant technical information and alerts on known issues, hotfixes, new releases, etc.
Working knowledge of operating system platforms, network protocols, and security architecture
Working knowledge of Postgres SQL
Experience integrating solutions with SIEM and developing knowledge objects and monitoring a plus

Skill(s)

Data Loss Prevention (DLP)
Email Security Tools (Cloud & On-Prem)
File Share Encryption (e.g., Microsoft Azure, OneDrive, SharePoint)
AI Technology Concepts
Scripting with APIs
Postgres SQL
Network Protocols & Security Architecture
Integration with SIEM Tools

Benefits

Insurance - health, dental, vision
PTO & 11 Federal Holidays
401(k), employer match

Travel: None

Data Loss Prevention (DLP)
Email Security Tools
File Share Encryption
AI Technology Concepts
Scripting with APIs
Postgres SQL
Network Protocols
Security Architecture
SIEM Integration
Posted 9 days ago

Cybersecurity Engineer - Splunk SME

Dragonfli Group | Anywhere | full-time
Compensation: Not specified

Summary: Architect and maintain enterprise-grade Splunk environments while collaborating with various teams to ensure optimal system performance. Develop automation workflows and troubleshoot data challenges to enhance operational efficiency.

Candidate profile: Candidates must have over 5 years of Splunk experience, including managing knowledge objects and writing complex queries. Strong problem-solving and communication skills are essential, along with a self-starter attitude.

Description

Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, D.C. We provide expert services to clients across both government and commercial sectors, supporting projects that range from rapid assessments to multi-year digital transformation efforts. Our consultants work in on-site, hybrid, and remote environments based on client needs.

We’re hiring a Splunk Cyber Security SME to drive visibility, automation, and security intelligence across one of the largest data environments in the federal space. This isn’t just a monitoring role — you’ll be at the heart of designing and engineering Splunk infrastructure that supports national-scale operations. From real-time telemetry and alerting to advanced dashboards and automations, your work will directly impact mission-critical decision making. If you’re ready to take on complex data challenges, work shoulder-to-shoulder with elite DevOps and Security teams, and engineer systems that scale — this role was built for you.

This is a remote role (U.S. only) with potential occasional off-hours or weekend support. U.S. Citizenship or Permanent Residency is required.

Responsibilities

Architect and maintain enterprise-grade Splunk environments across on-prem and cloud platforms
Create and manage knowledge objects, complex SPL queries, alerts, and dynamic dashboards
Design and implement scalable data ingestion pipelines and parsing logic
Collaborate with DevOps, Security, and Infrastructure teams to ensure optimal system performance
Develop automation workflows and UI interfaces to enhance operational efficiency
Troubleshoot data latency, availability, and integration challenges
Support system maintenance, version upgrades, and environment hardening
Contribute to technical mentorship and process documentation

Requirements

Must-Have:
5+ years of Splunk experience required
Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) through automations, scripting, and management server functions, including .conf and .cfg files, across the last four Splunk Enterprise versions
Experience with Splunk deployment and configuration management in large-scale environments
Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language)
Experience with REST APIs for Splunk and external system integration
Ability to analyze and troubleshoot complex data ingestion and parsing issues
Designing and developing an automation workflow and a dashboard interface for it
Self-starter with a service-oriented mindset who will take action, find ways to solve problems, and move projects to conclusion independently
Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges
Strong communication and collaboration skills with the ability to articulate complex technical concepts to both technical and non-technical audiences
Experience in mentoring and guiding junior researchers or team members

Preferred:
Ability to leverage the Splunk AI Assistant and other AI tools to increase the accuracy and efficiency of tasks and other deliverables
Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting
Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks
Experience with Splunk upgrades, patching, and performance tuning
Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure)
Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk
Strong knowledge of logging standards and best practices across application and infrastructure layers
Extensive knowledge of defense-in-depth principles, network and security architecture, network topology, IT device integrity, and common security elements
Executes new projects as well as data and user onboarding
Strong understanding of IT and cyber industry standards and technologies, including controls governed by NIST, FISMA, and FedRAMP
Experience installing, using, and developing with the Splunk App for Data Science and Deep Learning
Experience installing, using, and developing with the Splunk SOAR automation toolset
Experience or background in the Cybersecurity, Systems/Network Administration or Observability industry

Skill(s)

Must-have:
5+ years of Splunk engineering experience in complex, high-volume environments
Proficiency in SPL, knowledge object development, and configuration management
Strong background in Linux/Unix systems administration
Skilled in scripting languages (Python, Bash, PowerShell, etc.)
Experience with REST APIs and external system integrations
Ability to diagnose ingestion, parsing, and indexing issues at scale
Self-driven problem solver with a consulting mindset and strong communication skills

Preferred Qualifications:
Experience with Splunk AI Assistant, SOAR, and DSDL frameworks
Familiarity with cloud services (AWS, Azure, GCP) and hybrid deployments
Understanding of NIST, FISMA, FedRAMP, and other security frameworks
Expertise in role-based access controls (RBAC), secure logging, and compliance
Background in cybersecurity, observability, or infrastructure engineering

Benefits

Insurance - health, dental, vision
PTO & 11 Federal Holidays
401(k), employer match

Travel: None

Splunk
SPL
Automation
Data Ingestion
Troubleshooting
Collaboration
Mentorship
Cloud Platforms
Scripting
Security Compliance
APIs
Linux
Windows
Problem Solving
Data Analysis
Infrastructure
Posted 9 days ago

Mainframe Security Specialist – ACF2 to RACF Migration

Dragonfli Group | Anywhere | full-time
Compensation: Not specified

Summary: The Mainframe Security Specialist will provide technical expertise to support the migration of mainframe security from ACF2 to RACF. Responsibilities include analyzing current configurations, designing RACF structures, and collaborating with client teams for a smooth transition.

Candidate profile: Candidates should have 7+ years of experience in mainframe security administration with proven expertise in ACF2 and RACF. A strong understanding of z/OS environments and experience with large-scale migrations is preferred.

Description

Dragonfli Group is seeking a highly skilled Mainframe Security Specialist to support its migration project from ACF2 to RACF. This role will focus on providing subject matter expertise, hands-on technical support, and advisory services throughout the migration process. The ideal candidate will have strong experience with IBM mainframe environments and in-depth knowledge of both ACF2 and RACF security systems.

Key Responsibilities

Provide technical expertise to support the migration of mainframe security from ACF2 to RACF.
Analyze current ACF2 configurations, rules, and security controls, and map them to RACF equivalents.
Design, document, and implement RACF structures, access controls, and security policies.
Collaborate with client teams to ensure smooth transition, testing, and validation of RACF implementation.
Identify risks, troubleshoot issues, and provide recommendations for optimizing RACF performance and security posture.
Provide knowledge transfer and training to client personnel as needed.

Requirements

7+ years of experience in mainframe security administration.
Proven expertise with both CA ACF2 and IBM RACF.
Strong understanding of z/OS mainframe environments.
Experience with large-scale migrations or conversions from ACF2 to RACF strongly preferred.
Knowledge of compliance frameworks (e.g., NIST, PCI, SOX) in the context of mainframe security.
Excellent problem-solving, documentation, and communication skills.

Preferred

Prior experience supporting financial institutions or highly regulated industries.
Ability to work on-site in Pittsburgh is preferred; remote candidates will be considered.

Skill(s): None

Benefits

Competitive salary based on experience.
Health, dental, and vision insurance.
401(k) retirement plan with employer contribution.
Paid time off (vacation, sick leave, holidays).
Professional development opportunities and training.
Exposure to high-profile enterprise migration projects.
Career growth in cybersecurity and mainframe security.

Travel: None

Mainframe Security Administration
ACF2
RACF
z/OS
Migration
Compliance Frameworks
Problem-Solving
Documentation
Communication
Posted 10 days ago

Cybersecurity Data Protection Engineer

Dragonfli Group | Anywhere | contractor
Compensation: Not specified

Summary: The Cybersecurity Data Protection Engineer will protect organizational data from unauthorized access and develop IT security policies. The role involves administering encryption technologies and providing guidance on data security best practices.

Candidate profile: Candidates must have a minimum of 3 years of experience in IT or cybersecurity with a focus on data protection. Familiarity with data encryption tools, scripting, and cloud service architectures is essential.

Description

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

We are seeking a Cybersecurity Data Protection Engineer to support a large federal agency in strengthening its data security posture. This is a contract-based role that will focus on implementing, maintaining, and enhancing data protection controls across cloud, desktop, email, and enterprise systems. The specialist will play a key role in protecting against unauthorized access, modification, or destruction of sensitive information.

The role involves both independent and collaborative work, contributing to moderately complex projects and advising on best practices for safeguarding data at rest and in motion. The position requires flexibility, hands-on troubleshooting, and an openness to adopting emerging security technologies from diverse vendors.

This is a remote role; however, there is a preference for candidates based in Morrisville, NC; Falls Church, VA; or Eagan, MN. Candidates must be U.S. citizens or lawful permanent residents and must be able to demonstrate technical proficiency independently and without the use of AI tools (i.e., without entering interview questions into an LLM and answering by reading back the LLM-generated output).

Responsibilities

Protect organizational data from unauthorized access, modification, or destruction.
Develop and enforce IT security policies, standards, and procedures.
Administer and support encryption technologies (Cloud, Desktop, Email, File Share).
Provide guidance, recommendations, and best practices for data security.
Manage and configure digital certificates and certificate authorities.
Assist with upgrades, installations, testing, and configuration of data security components.
Serve as a single point of escalation and remediation for critical data security issues.
Script and automate tasks using APIs to integrate systems and streamline data exchange.
Respond rapidly to unplanned incidents, including after-hours support when required.
Proactively communicate alerts, technical updates, and vendor advisories.
Collaborate with IT professionals and end users to design approved security solutions.
Support integration with SIEM platforms; assist with knowledge objects and monitoring.
Apply working knowledge of OS platforms, network protocols, and security architecture.
Leverage Postgres SQL for queries, integration, and troubleshooting.

Requirements

Minimum 3 years of related IT or cybersecurity experience, with a focus on data protection.
Experience administering and supporting data encryption tools across multiple platforms.
Hands-on experience with scripting and APIs for automation and system integration.
Familiarity with SIEM integration and monitoring best practices.
Working knowledge of operating systems, network protocols, and security frameworks.
Understanding of cloud service architectures and data protection at rest/in motion.
Working knowledge of Postgres SQL.

Skill(s)

Experience administering and supporting data encryption tools, including Cloud, Desktop, Email, and File Share Encryption technologies.
Strong understanding of artificial intelligence concepts and technologies.
Provides data security guidance, recommendations, and best practices.
Proficient in understanding the role of digital certificates and certificate authorities in ensuring secure communication over networks.
Assist with data security component upgrades, installs, testing, and configuration.
Provide a single point of contact and hands-on escalation and remediation for critical issues.
Experienced in scripting with APIs to automate processes, integrate systems, and streamline data exchange between applications.
Respond rapidly to unplanned events, including after-hours support when needed.
Proactively communicate relevant technical information and alerts on known issues, hotfixes, new releases, etc.
Working knowledge of operating system platforms, network protocols, and security architecture.
Working knowledge of Postgres SQL.
Experience integrating solutions with SIEM and developing knowledge objects and monitoring a plus.

Benefits

Insurance - health, dental, vision
PTO & 11 Federal Holidays
401(k), employer match

Travel: None

Data Protection
Encryption Technologies
Scripting
APIs
SIEM Integration
Operating Systems
Network Protocols
Security Architecture
Postgres SQL
Data Security Policies
Incident Response
Technical Communication
Automation
Cloud Service Architectures
Digital Certificates
Best Practices
Posted 12 days ago