Senior Cybersecurity SME

Posted:
3/25/2025, 4:50:59 AM

Location(s):
Virginia, United States ⋅ Arlington, Virginia, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Who we are and why you should join us:

As a consultant at Partner Forces, you will serve as a trusted advisor to our clients day in and day out. You will have the opportunity to collaborate with your colleagues, our partners, and our clients to ideate, initiate and complete tasks, projects, and initiatives. You will work on mission-oriented projects, where you will bring forward actionable insights, solve complex problems, and thrive on delivering meaningful solutions.

Partner Forces is grounded in our core values of integrity, excellence, positivity, candor, determination, and teamwork. Our culture is a reflection of this, ensuring that we:

  • Apply solution-oriented thinking to challenges and opportunities.
  • Thrive by remaining agile and embracing change.
  • Work to create an environment where everyone feels welcome and valued as teammates and contributors.
  • Bring out the best in others by applying sound judgment and exuding principled genuineness.
  • Embrace a continuous learning and growth mindset.
  • Encourage an open dialogue even when it is hard.
  • Continuously promote teamwork and collaboration to achieve the best outcomes for our clients and teams.

As an employee at Partner Forces, you’ll join a team of consultants who share a passion for prioritizing collaboration, crafting solutions to mitigate risk, protecting critical infrastructure and helping our national security and industry partners tackle their most pressing challenges. At Partner Forces, we take our employees’ well-being and growth as seriously as we do our mission. You will be challenged every day, but we know that business and individual growth go hand-in-hand, so we offer a wide array of benefits that support the well-being and personal and professional development of our employees.

What we are looking for:

The Senior Cyber Analyst Subject Matter Expert (SME) will support the Cybersecurity and Infrastructure Security Agency (CISA) in designing and enhancing an improved incident response system. The ideal candidate will have deep expertise in cybersecurity, threat intelligence, and incident response, with a proven ability to develop and document repeatable SOPs and working instructions. This role plays a critical part in enabling CISA’s cybersecurity reporting and response initiatives, ensuring seamless coordination across the agency.

What you will do as a Senior Cyber Analyst SME:

  • Incident Analysis & Enrichment
    • Analyze, enrich, and triage cybersecurity incident reports to add contextual detail.
    • Identify and assess changing patterns, trends, technologies, Tactics, Techniques, and Procedures (TTPs).
    • Correlate reported incidents to known threat campaigns, adversary groups, and vulnerabilities (e.g., zero-day exploits).
  • Operational & Strategic Support
    • Assist in cyber analysis operations, ensuring adherence to CISA’s standard operating procedures, quality control standards, and best practices.
    • Support federal employees in analyzing operational environments, identifying new threat activities, and providing key recommendations to leadership and the larger CISA analytic community.
    • Collaborate with teams to ensure cohesive incident response and situational awareness.
  • Process & SOP Development
    • Develop and maintain comprehensive Standard Operating Procedures (SOPs) and Working Instructions (WIs) for incident handling and cybersecurity reporting.
    • Establish repeatable and effective processes for rapid threat identification, classification, and escalation.
    • Conduct regular reviews and audits of existing SOPs and WIs to ensure alignment with evolving threats and organizational priorities.
  • Threat Intelligence Integration
    • Integrate diverse threat intelligence sources (open-source, commercial, and classified) to enrich incident reports and vulnerability assessments.
    • Leverage frameworks like MITRE ATT&CK and the NIST Cybersecurity Framework (CSF) to map threat behaviors and strengthen detection and response capabilities.
    • Provide operationally relevant analysis of CIRCIA reporting for alignment to CISA priorities.
  • Communication & Coordination
    • Prepare and deliver briefings, reports, and presentations to senior leadership and stakeholders on emerging threats, significant incidents, and recommended mitigation strategies.
    • Foster a collaborative environment by sharing relevant threat intelligence and best practices across organizational lines.
    • Support outreach efforts to federal, state, local, and private-sector partners to enhance overall cybersecurity posture.
  • Tool & Technology Expertise
    • Identify and recommend enhancements to the incident response tool stack, including SIEM (e.g., Splunk, QRadar), Endpoint Detection and Response (EDR) solutions, Threat Intelligence Platforms (TIP) (e.g., MISP, ThreatConnect), and vulnerability management tools (e.g., Tenable Nessus, Qualys).
    • Continuously evaluate cutting-edge cybersecurity technologies and make recommendations for implementation to bolster CISA’s incident response capabilities.

Qualifications:

  • US Citizen (the nature of our contract requires employees be US citizens).
  • Top Secret clearance required.
  • At least 10 years of experience; 5-7 years of hands-on cybersecurity experience focused on threat analysis, threat intelligence, incident detection and incident response.
  • Demonstrated success in investigating complex cybersecurity incidents and designing solutions for large-scale environments.
  • Bachelor’s degree preferred.
  • Strong analytical and problem-solving skills with the ability to conduct in-depth research and analysis.
  • Excellent communication skills, both written and verbal, for reporting and stakeholder engagement.
  • Proficiency in using cybersecurity frameworks and tools for forensic analysis.
  • Experience in developing and documenting effective cybersecurity processes and procedures.
  • Familiarity with emerging technologies and trends in cybersecurity.
  • Strong understanding of network security principles and intrusion detection methodologies.
  • Ability to identify and mitigate cybersecurity threats and vulnerabilities effectively.
  • Hybrid / In-person at Arlington and Washington, DC locations.

Preferred Qualifications:

  • Relevant certifications such as CISM, CEH, or GIAC.
  • Experience with MITRE ATT&CK and other analytic frameworks.
  • Experience in the energy sector or other critical infrastructure industries.

At Partner Forces, we consider many factors when making compensation decisions, reflecting the unique skills and experiences each candidate brings, as well as organizational and contractual needs. An estimate of the salary range for this role is included here. We believe that salary is just one component of your total compensation package. Our goal is to support your growth and reward your contributions in a meaningful way. We look forward to exploring this further with you during the interview process.

Annual Salary Range
$165,000 - $180,000 USD

The Company

Partner Forces, LLC is a management consulting firm specializing in helping homeland security partners tackle their most pressing and complex challenges. We provide holistic, integrated solutions across the homeland and national security enterprise, offering expertise in program development and analysis, stakeholder engagement, strategic planning, technology implementation, security and preparedness assessment, and business process improvement.

Partner Forces is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by applicable law. We are committed to fostering a workplace where all employees feel valued and respected. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at recruiting@partnerforces.com.