Cyber Incident Handler - Associate

About The Position

Requirements

• Active DoD Secret Clearance.
• Demonstrated experience in IDS/SIEM monitoring, event triage, multi-source data analysis, incident response coordination, TTP and exploit knowledge, and end-to-end incident documentation from detection through resolution.
• Foundational understanding of cybersecurity controls and the importance of adhering to security policies in a professional environment.
• Bachelors in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering OR one of the following certifications prior to start date: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP
• 0 years of experience with BS/BA, 2 years of experience with AA/AS, 4 years of experience with no degree
• One of the following certifications prior to start date: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP

Nice To Haves

• Familiarity with MISP for threat intelligence sharing, IOC management, and integration with incident response workflows
• Experience with ServiceNow Security Operations (SecOps) module for incident tracking and SLA management
• Proficiency with Elastic Stack or Splunk for SIEM-based alert triage, event correlation, and incident timeline reconstruction
• Working knowledge of NIST SP 800-61 Computer Security Incident Handling Guide and DoD/Army incident response policy frameworks
• Experience developing and exercising incident response playbooks for common cyber-attack scenarios in a DoD environment
• Familiarity with digital forensics tools and techniques for evidence collection, chain of custody, and artifact analysis
• Experience operating in a 24/7 CSSP or SOC environment supporting classified Army or DoW networks

Responsibilities

• Evaluate security alerts and analyze network events to determine their impact on current operations.
• Conduct initial event triage, formulate response strategies, and mitigate threats to the Department of War (DOW) information network.
• Collaborate with senior team members to investigate and resolve security events.
• Synthesize alert data into actionable reports.
• Contribute to the continuous improvement of security operations and documentation.
• Coordinate across the enterprise to ensure network security devices are being monitored and are receiving or generating alerts.
• Identify security risks and exposures, determine causes of security violations, and suggest procedures to halt future incidents and improve security.