OTHER
Remote
10+
Threat Management Specialist – Tier2 (shift work) (Hybrid)
1/7/2026
The Threat Management Specialist will identify cybersecurity threats and gaps, analyze network traffic, and recommend detection mechanisms. They will also execute operational processes in support of security incident response efforts and leverage AI/ML tools for threat detection.
Working Hours
40 hours/week
Company Size
51-200 employees
Language
English
Visa Sponsorship
No
About The Company
The A.C.Coy Company is a national staffing and consulting firm. We focus on IT and Accounting & Finance services with a corporate headquarters located in Pittsburgh, PA.
The A.C.Coy Team is very proud of the fact that we have been providing outstanding, quality-based staffing services to both our clients and candidates for nearly 40 years.
At A.C.Coy, we are committed to working with clients to understand their business inside and out and to earn a level of trust that goes beyond the typical client/supplier relationship. We enjoy lasting, ongoing relationships with our clients and consider ourselves a partner in their success.
About the Role
Overview
- Tier One Technologies is looking for a Tier2 Threat Management Specialist to work with our direct US Government client.
- This will be a hybrid Contract-to-Hire position located in Falls Church, VA.
- Available shifts:
  - 3:30 PM to 11:30 PM EST with Tuesday & Wednesday days off
  - 11:30 PM to 7:30 AM EST with Saturday & Sunday days off
- SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.
Responsibilities
- Identify cybersecurity threats and gaps that require mitigating controls.
- Analyze network traffic to detect exploit attempts, intrusions, and anomalous behavior.
- Recommend and implement detection mechanisms for exploit- and intrusion-related activity.
- Provide subject matter expertise in network-based attacks, traffic analysis, and intrusion methodologies.
- Escalate incidents requiring deeper investigation to senior members of the Threat Management team.
- Execute operational processes in support of security incident response efforts.
- Leverage AI/ML-based tools to detect anomalies, automate incident triage, and enhance threat intelligence.
- Perform and analyze threat intelligence to assess risk and adapt defenses using ML-enhanced tools.
- Manage email security using Proofpoint; monitor threats and respond rapidly to attacks.
- Configure and maintain Splunk for log analysis, alert creation, and security incident investigation.
- Configure Cisco Firepower for network monitoring, analyze traffic patterns, and enforce security controls.
- Deploy and manage SentinelOne agents, monitor alerts, and conduct comprehensive security assessments.
- Monitor, review, and respond to security alerts and incidents across multiple platforms, including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud Security Command Center (SCC).
- Conduct threat detection and analysis, investigate suspicious activity, coordinate incident response, and implement remediation actions.
- Tune security policies, maintain visibility across cloud and endpoint environments, and support continuous security posture improvement.
- Stay current with emerging cybersecurity threats, threat actors, and AI/ML research.
- Identify and support security automation use cases, including AI/ML-driven SOC enhancements.
- Collaborate across Operations to deliver SOC capability improvements through automation and AI.
Qualifications
- Bachelor's or Master's Degree in Computer Science, Information Systems, or other related fields.
- 8+ years of IT Security experience.
- 2+ years of network traffic analysis experience.
- Familiarity with AI/ML projects.
- CERTIFICATIONS (One or more required): GIAC Certified Enterprise Defender (GCED) or GIAC Certified Security Essentials (GSEC) or CISSP, or SSCP.
- Strong working knowledge of Boolean Logic, TCP/IP Fundamentals, Network Level Exploits and Threat Management.
- Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies.
- Strong understanding of common IDS/IPS architectures and implementations.
- Strong understanding of IDS/IPS signatures, content creation and signature characteristics including both signature and anomaly-based analysis and detection.
- Prior experience with cloud security (AWS, Azure, GCP).
- Hands-on experience with cybersecurity automation (e.g., SOAR platforms).
- Proficiency in using machine learning frameworks to develop, train, and deploy models for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity contexts.
- Skills in data analysis and feature engineering, with the ability to preprocess and transform large datasets from various sources (e.g., logs, network traffic) to extract relevant features for machine learning models aimed at identifying security incidents and vulnerabilities.
- Familiarity with the application of AI/ML techniques in cybersecurity, including but not limited to automated threat detection, incident response automation, and predictive analytics. Experience in evaluating the effectiveness of AI/ML solutions in a SOC environment is a plus.
- Understanding and experience identifying and implementing automation use cases.
- Knowledge of Control Frameworks and Risk Management techniques.
- Excellent oral and written communication skills.
- Must be able to obtain a Position of Public Trust Clearance.
- All candidates must be a US Citizen or have permanent residence status (Green Card).
- Candidate must have lived in the United States for the past 5 years.
- Cannot have more than 6 months travel outside the United States within the last 5 years. Military Service excluded.
Key Skills
Cybersecurity, Network Traffic Analysis, Incident Response, Threat Detection, AI/ML, Cloud Security, Data Analysis, Security Automation, IDS/IPS, Splunk, Cisco Firepower, SentinelOne, Microsoft Defender, Threat Intelligence, Risk Management, Communication Skills
Categories
Technology, Security & Safety, Government & Public Sector, Data & Analytics, Consulting