Cyber Defense Incident Responder (Advanced)

S2i2 Inc · Arlington, VA
$12,500 - $14,200 · Onsite

About The Position

The Cyber Defense Incident Responder (Advanced) performs hands-on technical work while guiding and directing senior and mid-level analysts. This role involves advanced threat detection, threat intelligence research, practical application of threat intelligence to operations, development of custom scripts, and a working understanding of complex threat actor techniques used to compromise systems and evade detection. The ideal candidate brings extensive operational experience defending highly secure enclaves, specifically navigating Top Secret/Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) networks.

Requirements

  • High school diploma or GED equivalent required.
  • Bachelor's degree in Computer Science, Digital Forensics, or a related major with an emphasis on Security preferred.
  • Six (6) or more years of experience in Threat Hunting, Security Research, or Incident Response.
  • Demonstrated leadership skills, preferably in a formal leadership role.
  • Demonstrated scripting experience.
  • Active TS/SCI clearance required.

Nice To Haves

  • SAP (Special Access Program) access eligibility or prior SAP-network operational experience.
  • Relevant industry certifications (e.g., GCIH, GCFA, GCIA, GREM, GDAT, CySA+, or equivalent).
  • Ability to successfully pass background and drug screening.

Responsibilities

  • Lead a small team of advanced and mid-level security analysts to provide Incident Defense (ID) services for government clients, specifically tailored to the unique security constraints of TS/SCI and SAP environments.
  • Serve as the primary technical point of contact for complex threat hunting issues, and mentor new ID team members to grow their skills and operational abilities.
  • Engineer advanced detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources across classified enclaves, using Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Snort rules, or other pattern-matching detection tools.
  • Proactively research new malware using hunting capabilities on malware repository services (such as VirusTotal) and through established partnerships with other security researchers, ensuring all malware handling adheres to strict classified network protocols.
  • Lead targeted phishing campaigns to help educate the workforce on the risks of social engineering and malicious attachments.
  • Lead purple and red teaming efforts as directed, conducting adversary emulation relevant to the architecture of highly classified networks.
  • Provide critical support to the Network Operations and Security Center (NOSC) and coordinate team schedules to ensure on-call coverage for after-hours, weekends, and holidays.
  • Maintain the toolkit utilized by the ID Team; conduct research analysis on the latest cybersecurity tools, provide rationale to renew or deprecate current tools, and recommend new technologies for the enterprise.
  • Perform comprehensive research and investigations with little to no oversight to locate information relevant to government requests, communicating findings effectively to government information security professionals.
  • Ensure all written communication (reports, briefings, and alerts) is professional, high-quality, free of errors, and clearly delivers actionable intelligence.
  • Perform other duties as assigned.
© 2026 Teal Labs, Inc