Cyber Defense Cloud Incident Responder

About The Position

Requirements

• Two (2) to Four (4) years’ hands-on cybersecurity experience in one or more of the following:
• Incident Response or Threat Hunting within a mid-to-large enterprise
• SOC operations supporting cloud or hybrid environments
• Enterprise vulnerability management or endpoint/cloud security operations
• Active Top Secret (TS) Clearance REQUIRED, eligible to be upgraded to TS/SCI
• DoD 8570 Information Assurance (IA) Program / DoD 8140 Cyber Workforce Qualification Program (CWQP): Must meet DoD 8570.01-M / IAT Level II or IAM Level II requirements at a minimum. At least one active qualifying certification required, including but not limited to:
• CompTIA Security+ CE, CompTIA CySA+, CompTIA SecX CE, SSCP, GCIH, GCED, GCIA, GSEC, CEH, Pentest+, Cloud+, GICSP, CISSP (or Associate)
• Bachelor’s Degree, in Cybersecurity, and/or Information Systems Management or equivalent combination of education, experience and military service
• Cloud Platform experience: Practical experience securing AWS, Azure, and/or Google Cloud environments
• Security Tooling: Experience with SIEM/SOAR platforms such as Splunk, Elastic, Swimlane, or equivalent
• Incident Response: Proven experience executing IR playbooks and responding to real-world security incidents
• Networking & Systems: Strong understanding of TCP/IP, DNS, authentication mechanisms, operating systems, log analysis, and cloud architecture
• Frameworks & Standards: Familiarity with NIST Cybersecurity Framework, NIST 800-53, and RMF concepts
• Analysis & Reporting: Ability to clearly document findings, response actions, and technical recommendations

Nice To Haves

• Experience supporting classified or DoD environments
• Familiarity with cloud-native security services (e.g., AWS Guard Duty, AWS Security Hub, Defender for Cloud, Security Command Center)
• Experience with automation, scripting, or SOAR workflows
• Exposure to threat hunting or advanced adversary analysis

Responsibilities

• Cloud Security Operations & Monitoring
• Monitor AWS, Azure, and/or Google Cloud environments for malicious or anomalous activity using SIEM, SOAR, and cloud-native security tooling.
• Analyze logs, telemetry, alerts, and cloud audit data to identify indicators of compromise (IOCs) and attack patterns.
• Tune detection logic and alerting to reduce false positives and improve response fidelity.
• Incident Response
• Lead and support incident response activities across the full lifecycle: identification, containment, eradication, recovery, and lessons learned.
• Perform root cause analysis and impact assessments for cloud-related security incidents.
• Coordinate response actions with SOC analysts, engineering teams, system owners, and government stakeholders.
• Document incidents, response actions, and remediation recommendations in accordance with government reporting requirements.
• Threat Intelligence & Analysis
• Leverage threat intelligence sources to identify emerging threats targeting cloud platforms and federal environments.
• Map adversary activity to MITRE ATT&CK and cloud-specific threat models.
• Recommend defensive improvements based on observed tactics, techniques, and procedures (TTPs).
• Vulnerability & Risk Management
• Identify cloud misconfigurations, exposed services, and security gaps.
• Support vulnerability assessments and remediation prioritization for cloud-hosted systems.
• Advise on security controls aligned to NIST and DoD requirements.
• Compliance & Audit Support
• Support compliance activities aligned to NIST 800-53, RMF, and DoD cybersecurity requirements.
• Assist with security documentation, evidence collection, and audit response.
• Validate cloud security configurations against established baselines and policies.

Benefits

• health care
• dental
• vision
• life insurance
• 401k
• education assistance
• paid time off including Paid Time Off
• holidays and any other paid leave required by law