CNDA jobs in Fort Meade, MD

Cyber Network Defense Analyst (CNDA)

Intrusion detection, log analysis, incident triage, and network defense for cleared cyber missions.

Location Fort Meade, MD / Annapolis JunctionClearance Active TS/SCI ClearanceLevels Levels 1, 2, 3, and 4 AvailableSchedule Full Time
Apply for this Role

GS Consulting Environment

Defending Networks Where Evidence Matters

At GS Consulting, defensive cyber work is not about staring at alerts until the queue gets smaller. The point is to understand what happened, what it means, and what the customer should do next. Cyber Network Defense Analysts do that work where network activity, host evidence, and mission risk meet.

This role is built for analysts who can move from alert review to evidence based assessment. You will help protect approved systems, investigate suspicious behavior, and recommend practical defensive actions in a cleared mission environment.

The Work

What the Role Looks Like Day to Day

CNDA work usually starts with defensive telemetry and a question: is this normal, suspicious, or urgent? A typical day may include reviewing IDS alerts, firewall logs, network traffic, host system logs, vulnerability data, and forensic indicators to decide whether activity needs escalation.

The job rewards analysts who can separate signal from noise. A good CNDA does not just repeat what a tool said. They validate the evidence, explain the impact, and help the team decide what should happen next.

Mission and Responsibilities

Core Responsibilities

Our CNDAs support defensive cyber missions where evidence quality and clear recommendations matter. Depending on your LCAT level, you will be expected to:

  • Analyze information from computer network defense resources to identify, validate, and report events that occur or may occur within the environment.
  • Monitor and triage intrusion detection system alerts, firewall logs, network traffic logs, and host system logs.
  • Investigate suspicious activity using vulnerability analysis, computer forensics, and network security methods.
  • Recommend defensive measures, infrastructure improvements, and countermeasures based on validated evidence and mission risk.
  • Collaborate with systems engineering, information assurance, and network administration teams to turn findings into practical security improvements.

Technical Domains

Required Technical Domains

Successful Cyber Network Defense Analysts at GS Consulting need practical experience across several of the following defensive cyber domains:

  • Computer Network Defense and intrusion detection
  • Firewall, network traffic, and host system log analysis
  • Information security, cyber security, and network security
  • Vulnerability analysis, penetration testing, and computer forensics
  • Computer and information systems design and development
  • Information assurance, systems engineering, and systems and network administration

Preferred Degree Fields

Preferred degree fields include Network Engineering, Systems Engineering, Information Technology, General Engineering, Computer Engineering, Electrical Engineering, Computer Science, Computer Forensics, Cyber Security, Software Engineering, Information Assurance, Computer Security, Mathematics, or a related engineering field. The degree must be from an accredited institution.

Tools and Mission Context

Defense Depends on Interpreting the Evidence

Cyber Network Defense Analysts use defensive tools, logs, sensors, working aids, and forensic methods to understand what is happening inside a network. But the tool output is only the starting point. The real value is knowing what the evidence means and how it should shape the response.

This role sits close to engineering teams, information assurance staff, network administrators, incident responders, and mission partners. That coordination matters because defensive recommendations need to be technically sound and realistic for the environment being protected.

Compensation

Estimated Compensation Range

Estimated compensation for Cyber Network Defense Analyst roles ranges from $70,000 to $200,000 per year. Final compensation depends on CNDA level, years of relevant experience, clearance status, customer requirements, contract fit, and location expectations.

The range is intentionally broad because this posting covers Levels 1 through 4. A Level 1 CNDA and a Level 4 CNDA may both support defensive cyber missions, but the senior role carries more independent judgment, deeper systems context, and greater responsibility for shaping defensive recommendations.

Qualification Paths

LCAT Qualification Paths

We are actively staffing billets across all four Cyber Network Defense Analyst levels. Please review the experience and education paths below. Relevant experience should connect to network defense, cyber security, incident analysis, vulnerability analysis, forensics, systems administration, or closely related technical mission work.

CNDA1

Level 1

  • Associate Degree plus 4 years of experience
  • Bachelor Degree plus 2 years of experience
CNDA2

Level 2

  • Associate Degree plus 7 years of experience
  • Bachelor Degree plus 5 years of experience
  • Master Degree plus 2 to 3 years of experience
  • Doctorate plus 2 years of experience
CNDA3

Level 3

  • Associate Degree plus 10 years of experience
  • Bachelor Degree plus 8 years of experience
  • Master Degree plus 6 years of experience
  • Doctorate plus 4 years of experience
CNDA4

Level 4

  • Associate Degree plus 13 years of experience
  • Bachelor Degree plus 11 years of experience
  • Master Degree plus 9 years of experience
  • Doctorate plus 7 years of experience

Career Growth

How CNDAs Grow Across Levels

Growth in this role comes from better triage judgment, stronger evidence review habits, deeper systems context, and the ability to recommend defensive actions that fit the mission environment. Senior CNDAs are trusted because they can investigate messy signals and still give the team a clear answer.

At GS Consulting, we value analysts who want to get sharper. That can mean improving detection logic, building better working aids, learning more about system behavior, or moving into roles that connect defense, engineering, and information assurance.

Why GS Consulting

A Smaller Team Closer to the Defensive Mission

Large contractors can make defensive analysts feel far removed from the actual mission. GS Consulting takes a more direct approach. We care about whether the person in the seat can understand the evidence, protect the environment, and help the customer make better decisions.

CNDA work is not generic security monitoring. It takes patience, technical judgment, evidence discipline, and the ability to explain why an event matters. If that is how you think, this is the right kind of work.

Role Questions

Cyber Network Defense Analyst FAQ

What does a Cyber Network Defense Analyst do?

A Cyber Network Defense Analyst monitors defensive cyber data, investigates suspicious activity, analyzes IDS alerts, firewall logs, network traffic, and host system logs, and helps mission teams understand what happened and what should happen next. The role combines network defense, incident analysis, vulnerability analysis, computer forensics, and practical security judgment.

What clearance is required for GS Consulting CNDA roles?

GS Consulting Cyber Network Defense Analyst roles require an active TS/SCI clearance. Candidates must also be able to meet customer, contract, and site access requirements for the specific billet. If additional customer screening is required, that will be handled during recruiting rather than posted as public qualification language.

What are the CNDA levels 1, 2, 3, and 4?

CNDA levels reflect increasing experience, independence, and defensive cyber judgment. Level 1 starts at 2 to 4 years of relevant experience depending on education path. Level 2 ranges from 2 to 7 years. Level 3 ranges from 4 to 10 years. Level 4 ranges from 7 to 13 years. Relevant experience should involve network defense, cyber security, incident analysis, vulnerability analysis, forensics, systems administration, or related technical mission work.

How is a CNDA different from an Exploitation Analyst?

A CNDA focuses on defending networks, analyzing alerts, investigating activity, and protecting approved systems. An Exploitation Analyst focuses more on finding exploitable technical conditions and supporting technical targeting. The roles can share cyber skills, but CNDA work is centered on defensive analysis, evidence review, and response recommendations.

What skills make a strong Cyber Network Defense Analyst candidate?

Strong candidates understand IDS alerts, firewall logs, host logs, network traffic, vulnerability analysis, incident triage, computer forensics, information assurance, and systems administration. The best CNDAs can separate signal from noise, explain what the evidence shows, and recommend actions that fit the mission environment.

What does a Cyber Network Defense Analyst earn?

Estimated compensation for GS Consulting Cyber Network Defense Analyst roles ranges from $70,000 to $200,000 per year. Final compensation depends on CNDA level, years of relevant experience, clearance status, customer requirements, contract fit, and location expectations.

Are these CNDA jobs onsite?

Yes. These Cyber Network Defense Analyst positions support work in the Fort Meade, MD and Annapolis Junction area. Because the work is tied to cleared government facilities, sensitive systems, and customer mission requirements, candidates should expect onsite work rather than a remote arrangement.

How do I apply for GS Consulting CNDA roles?

Use the Apply for this Role button on this page or email your resume directly to info@gsconsultingllc.com. Include your active clearance level, primary network defense or cyber security experience, and the CNDA level you believe matches your background.

Ready to defend the network?

Send us your resume. Please include your active clearance level, primary network defense or cyber security experience, and the specific CNDA level you are targeting based on your years of experience.