Cyber Investigator - Security Monitoring
RALEIGH, North Carolina
Job Id: 162940
Job Category:
Job Location: RALEIGH, North Carolina
Security Clearance: No Clearance
Business Unit: Piper Companies
Division: Piper Enterprise Solutions
Position Owner: Anne Green
Piper Companies is seeking a Cyber Investigator to support a specialized security monitoring and engineering team within the government technology industry. The Cyber Investigator role is ideal for an analyst who understands attacker tactics, techniques, and procedures, and how these TTPs directly shape detection logic, investigations, and security workflows. The Cyber Investigator role is a long-term contract opportunity.
Responsibilities of the Cyber Investigator:
- Conduct in‑depth investigations into suspicious activity using attacker TTPs as the foundation for analysis.
- Assess adversary tactics (the attacker’s goal), techniques (how they attempt to achieve it), and procedures (the specific steps and tools used).
- Translate TTP knowledge into actionable detection logic, investigative paths, and case development.
- Work alongside detection engineers and systems teams to validate alerting workflows and identify gaps in tooling.
- Analyze host, endpoint, server, and network activity to identify indicators of malicious behavior.
- Support custom SOC tooling by providing investigation‑driven insights that improve detection fidelity.
- Communicate findings clearly to engineering teams and stakeholders supporting government security operations.
Requirements of the Cyber Investigator:
- Strong understanding of attacker TTPs and how they influence detection engineering.
- Experience conducting cyber investigations, incident response, or SOC analysis.
- Ability to evaluate attacker goals, methods, and procedural steps to build reliable investigative hypotheses.
- Familiarity with endpoint, server, or network telemetry used in custom monitoring environments.
- Capability to adapt to a dynamic and evolving customer environment with frequent changes.
Compensation for the Cyber Investigator:
- $115,000 - $130,000
- Full Comprehensive Benefits: Health, Vision, Dental, PTO, Paid Holiday and Sick Leave if Required by Law.
Keywords: cyber investigations, TTP analysis, tactics techniques and procedures, detection engineering support, SOC analysis, incident response, adversary behavior, investigative workflows, endpoint telemetry, network analysis, attack goals, malicious procedures, custom security tooling, government technology environment, EST schedule
This job opens for applications on 3/27/2026. Applications for this job will be accepted for at least 30 days from the posting date.
#HYBRID