Security Engineer III, Exploitation Analyst / Incident Responder (TS Clearance)
Job Description
Security Engineer III, Exploitation Analyst / Incident Responder with an active Top Secret clearance and SCI eligibility is a key member of Deloitte's Cyber Defense & Resilience team in Arlington, VA. This onsite role focuses on monitoring for indicators of compromise, investigating incidents, evaluating vulnerabilities, and analyzing malware to strengthen security across enterprise environments.
Responsibilities
- Continuously monitor networks, systems, and applications for signs of compromise and correlate threat data to detect malicious activity.
- Investigate security incidents by collecting and examining logs, memory artifacts, and network traffic, supporting containment, eradication, and recovery efforts.
- Identify and assess vulnerabilities across assets and recommend risk-based remediation actions considering exploitability.
- Analyze malware, exploits, and adversary tooling, including reverse engineering where appropriate and simulating attacker techniques in controlled environments.
- Prepare technical reports, briefings, and documentation that summarize findings, methodologies, and recommendations for stakeholders.
Requirements
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field.
- Active Top-Secret Clearance with SCI eligibility.
- 2+ years of experience in cyber exploitation analysis, threat intelligence, or incident response.
- 2+ years of experience analyzing advanced persistent threats, malware, exploitation techniques, and reverse engineering tools such as IDA Pro or Ghidra.
- 2+ years of experience performing vulnerability assessments, penetration testing, or red team activities.
- 2+ years of experience with network traffic analysis, log analysis, digital forensics, Windows, Linux, macOS, common network protocols, scripting languages (Python, PowerShell, or Bash), and security monitoring tools (SIEM, IDS, IPS, or EDR).
- Ability to travel up to 20% on average based on client needs and project assignments.
- Willingness to work onsite with clients or at Deloitte offices for up to five days per week.
- Industry certifications such as GIAC, CISSP, or CompTIA Security+ are required.
- Must be legally authorized to work in the United States without employer sponsorship now or in the future.
Technologies
- IDA Pro
- Ghidra
- Python
- PowerShell
- Bash
- SIEM
- IDS
- IPS
- EDR
- Windows
- Linux
- macOS
- MITRE ATT&CK
Benefits
- Discretionary annual incentive program, subject to program rules, based on individual and organizational performance.
The Team
Deloitte's Cyber Defense & Resilience offering helps clients defend against advanced threats by transforming security operations, enhancing monitoring technologies, leveraging data analytics, and utilizing threat intelligence. The team supports dynamic attack surfaces and delivers rapid crisis and cyber incident response to ensure clients can prepare for, respond to, and recover from business disruptions.
Wage Range
Salary for this role is USD 102,500 to 188,900 annually. The range reflects factors such as skills, experience, licensure, certifications, and business needs, and is not adjusted for location-based differences where the role may be filled.
Preferred Qualifications
- Experience supporting incident response in government, defense, intelligence, or large enterprise environments.
- Experience analyzing packet captures, memory dumps, and host-based forensic artifacts.
- Experience mapping threat activity to the MITRE ATT&CK framework.
- Experience developing or tuning detections for SIEM or EDR platforms.
- Industry certifications such as GIAC, CISSP, or CompTIA Security+.