
DoW Cloud Computer Network Defense/Def. Cyber Ops Engineer

Job in Washington, District of Columbia, 20022, USA
Listing for: Tetrad Digital Integrity LLC
Full Time position
Listed on 2026-01-18
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!

Tetrad Digital Integrity (TDI) is hiring an exceptional DoW Cloud CND / DCO (Computer Network Defense / Defensive Cyber Operations) Engineer to support defensive cyber operations for a mission-critical, cloud-hosted defense system that will be treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest. This is not a “watch-the-console” role.

We need a mission-focused, decisive team player who can execute under pressure, coordinate cleanly with the CSSP, and continuously improve detection and response outcomes without hand-holding.

If you are a hands-on defender who can triage decisively, coordinate cleanly with a CSSP, automate away toil, and drive measurable detection/response improvements under pressure, we want to talk. Position will be on site most days in Washington, DC.

RESPONSIBILITIES
  • Comply with the appropriate currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
  • Coordinate with the CSSP to support near-real-time monitoring and analysis of insider and external threats during core business hours using security tools (e.g., SIEM, endpoint/EDR, firewall/network logs, cloud-native logging), dashboards/alerts, and custom-developed scripts.
  • Support CSSP alerting workflows by triaging events, enriching context, escalating appropriately, and helping prioritize remediation using reliable threat intelligence.
  • Perform continuous monitoring (ConMon) activities including audit review, attack sensing and warning, intrusion/malware detection support, and recurring control-health checks aligned to program needs.
  • Support and execute cyber incident response actions in coordination with the Government lead, including initial triage, evidence capture, containment recommendations, and recovery support.
  • Coordinate response and recovery actions with external agencies/providers as needed (e.g., CSSP, CCMDs, platform providers) while ensuring actions are performed IAW applicable policies and instructions.
  • Provide CNAP monitoring support as applicable (network monitoring, intrusion detection monitoring, authentication monitoring).
  • Conduct intrusion research and vulnerability research to inform detection priorities, hardening actions, and risk-based remediation recommendations.
  • Coordinate and deconflict activities for CSSP responses and red team responses; ensure findings translate into actionable improvements and trackable outcomes.
  • Develop and maintain scripts, queries, and repeatable workflows (including responsible AI-enabled methods where appropriate) to automate labor-intensive monitoring, enrichment, evidence capture, and reporting tasks.
  • Communicate clearly and concisely: produce incident summaries, technical findings, and stakeholder-ready updates with minimal editing in a high-tempo environment.

QUALIFICATIONS
  • Active DoD Secret or Top Secret clearance.
  • Role-required security certification, such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
  • Demonstrated experience in CND/DCO operations (detection, triage, incident handling) supporting enterprise or mission environments.
  • Cloud SecOps depth (GCP strongly preferred; AWS/Azure acceptable), including logging architecture, identity telemetry, and SIEM integration.
  • Experience working with a CSSP (or SOC/CNDSP-equivalent) and operating within defined escalation, reporting, and coordination processes.
  • Working proficiency with SIEM tooling, endpoint/EDR, firewall/network telemetry, identity/authentication logs, and cloud logging pipelines.
  • Practical incident response capability: evidence handling, containment guidance, recovery support, and post-incident improvement.
  • Strong writing and briefing skills: able to deliver precise, customer-ready outputs with minimal oversight.
  • Demonstrated adoption of…