Cyber Threat Analyst - Detection Automation and Engineering

Phia LLC
medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
United States, Virginia, Fairfax
11166 Fairfax Boulevard
Feb 02, 2026

OVERVIEW:
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia is seeking a Cyber Threat Analyst to support cybersecurity integration efforts across a large-scale enterprise environment. This role focuses on performing triage, threat detection, incident analysis, and automation development leveraging AI/ML capabilities. The ideal candidate has extensive hands-on experience with SIEM, EDR, XDR, SOAR, and network security, along with strong analytical and communication skills that enable effective reporting, technical interpretation, and cross-functional collaboration.

This role requires a detail-oriented cybersecurity SME capable of translating complex threat data into meaningful insights, developing use cases, and enhancing security program maturity.

What You'll Do

  • Perform triage on all security escalations and detections to determine scope, severity, and root cause.
  • Monitor cybersecurity events, detect potential incidents, and conduct detailed investigations.
  • Identify, recommend, develop, and implement automation use cases leveraging AI/ML technologies.
  • Support deployment, configuration, testing, and maintenance of Security Orchestration, Automation, and Response (SOAR) platforms and AI/ML-enabled tools to strengthen detection and response.
  • Provide ongoing support to the Program Manager as required.
  • Communicate complex technical information clearly to non-technical audiences.
  • Influence stakeholders to comply with cybersecurity policies, standards, and best practices.

Who You Are

  • Cybersecurity professional with 7+ years of experience in security operations, threat hunting, and incident response.
  • Experienced analyzing alerts from cloud, SIEM, EDR, and XDR tools, preferably SentinelOne, Armis, and Splunk.
  • Skilled in configuring network devices and analyzing network traffic.
  • Familiar with cybersecurity operations center (SOC) functions and enterprise security workflows.
  • Experienced working with AI/ML-based security tools and developing SOAR use cases.
  • Proficient in configuring or reconfiguring tools such as SentinelOne and Splunk.
  • Knowledgeable in applying frameworks such as MITRE ATT&CK and NIST to develop actionable monitoring solutions.
  • Must hold at least one of the following certifications: CISSP, CISA, CISM, GIAC, RHCE

Preferred Skills

  • Developing, testing, and implementing Risk-Based Alerting (RBA).
  • Identifying RBA-driven use cases and SOAR/AI/ML automation opportunities.
  • Monitoring and analyzing alerts from IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne, and cloud security tools with recommendations for tuning.
  • Analyzing network traffic and providing evidence-based recommendations.
  • Conducting vulnerability assessments of recently disclosed CVEs across enterprise systems.
  • Assisting with configuration or reconfiguration of enterprise security toolsets.
  • Performing host-based analysis across diverse operating systems including Windows, Linux, UNIX, embedded systems, and mainframes.
  • Developing signatures for deployment across cybersecurity defense tools based on observed or emerging threats.
  • Testing, evaluating, and verifying hardware/software to validate compliance with requirements.
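Risk-Based Alerting, listed above, is the pattern of having each low-fidelity detection add a score to the user or host it observed and alerting only when an entity's aggregate crosses a threshold, so that corroborating signals surface while a single noisy rule cannot page an analyst on its own. The block below is an added illustration written for this page; it is not code from phia, Splunk, or any other vendor named here. The rule names, their ATT&CK tactic mapping, the scores, the threshold, the 24-hour window and the sample events are all assumptions constructed for the example.

```python
"""Risk-based alerting (RBA) in miniature: aggregate per-entity risk from
several low-fidelity detections and alert on the aggregate, not on each hit.
All rule names, scores, tactic mappings and events are constructed for this
illustration; nothing here is an employer's or vendor's configuration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class RiskEvent:
    ts: datetime
    entity: str      # risk object: a user or a host
    rule: str        # name of the low-fidelity detection that fired (assumed)
    tactic: str      # MITRE ATT&CK tactic the rule is mapped to (assumed)
    score: int       # risk contribution assigned to that rule (assumed)


@dataclass
class RiskAlert:
    entity: str
    total: int
    tactics: set
    events: list     # contributing observations, handed to the analyst


WINDOW = timedelta(hours=24)


def risk_alerts(events, threshold=100, min_tactics=2, window=WINDOW):
    """Return one RiskAlert per entity whose de-duplicated risk within any
    sliding `window` reaches `threshold` across at least `min_tactics`."""
    by_entity = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_entity[ev.entity].append(ev)

    alerts = []
    for entity, evs in by_entity.items():
        start = 0
        for end, latest in enumerate(evs):
            # slide the window start past events older than `window`
            while latest.ts - evs[start].ts > window:
                start += 1
            in_window = evs[start:end + 1]
            # de-duplicate by rule: a rule firing repeatedly counts once, so
            # only corroborating detections can push an entity over threshold
            per_rule = {}
            for ev in in_window:
                per_rule.setdefault(ev.rule, ev)
            total = sum(ev.score for ev in per_rule.values())
            tactics = {ev.tactic for ev in per_rule.values()}
            if total >= threshold and len(tactics) >= min_tactics:
                alerts.append(RiskAlert(entity, total, tactics, list(per_rule.values())))
                break  # one alert per entity; an analyst now owns the case
    return alerts


def sample_events():
    """Constructed detections: one host with three corroborating hits, one
    user whose two hits fall outside the window, one host with a noisy rule."""
    t0 = datetime(2026, 2, 2, 9, 0)
    evs = [
        RiskEvent(t0, "WS-0412", "encoded_powershell_cmdline", "Execution", 40),
        RiskEvent(t0 + timedelta(minutes=5), "WS-0412", "new_scheduled_task", "Persistence", 30),
        RiskEvent(t0 + timedelta(minutes=20), "WS-0412", "lsass_handle_open", "Credential Access", 50),
        RiskEvent(t0, "jdoe", "failed_logon_burst", "Credential Access", 60),
        RiskEvent(t0 + timedelta(hours=30), "jdoe", "new_mfa_device_registered", "Persistence", 50),
    ]
    # the same rule firing ten times on one host contributes its score once
    evs += [RiskEvent(t0 + timedelta(minutes=i), "WS-0777",
                      "encoded_powershell_cmdline", "Execution", 40) for i in range(10)]
    return evs


if __name__ == "__main__":
    for a in risk_alerts(sample_events()):
        print(f"{a.entity}: risk {a.total} across {sorted(a.tactics)}")
        for ev in a.events:
            print(f"  {ev.ts:%H:%M} {ev.rule} (+{ev.score})")
```

Run as-is, only WS-0412 alerts: three different rules spanning three tactics sum to 120. WS-0777 stays silent because its ten identical hits collapse to one contribution of 40, and jdoe stays silent because the second detection lands 30 hours after the first, outside the window. The tactic-diversity check is the tuning knob that keeps two loud rules from the same tactic from producing a low-value alert.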

Required Education + Experience

  • BA/BS in Cybersecurity, Computer Science, Information Technology, or a related field or equivalent handson experience.
  • 7+ years supporting enterprise security operations, detection engineering, and incident response.
  • Extensive experience with SIEM/EDR/XDR platforms, network analysis, and security automation.

Security Clearance/Vetting

  • U.S. Citizenship required
  • Ability to obtain Public Trust clearance

WORK SCHEDULE: Monday-Friday core daytime
WORK LOCATION: Remote
DAYS OFF: Saturday and Sunday
TRAVEL: N/A
TELEWORK ELIGIBILITY: Yes
SECURITY REQUIREMENTS: Public Trust

Who We Are

phia LLC ("phia") is a Northern Virginia based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration, which allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance