Cyber Incident Responder

About The Position

Requirements

• A minimum of 8+ years of experience is required for this position.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related technical field, or equivalent practical experience.
• Previous experience in Incident Response, Cyber Defense, SOC operations, or Digital Forensics.
• Hands-on experience responding to enterprise-scale security incidents across networks, endpoints, and cloud environments.
• Proven ability to collect, preserve, and analyze intrusion artifacts, including malware, trojans, scripts, and suspicious binaries.
• Strong experience with incident triage, including determining scope, urgency, impact, root cause, and remediation strategy.
• Advanced experience analyzing logs and alerts from multiple sources (SIEM, EDR, IDS/IPS, firewalls, servers).Skilled in identifying indicators of compromise (IOCs) and attacker behaviors.
• Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Elastic); endpoint detection and response (EDR) tools
• Familiarity with network traffic analysis tools (and knowledge of malware analysis tools and sandbox environments.
• Familiarity with scripting or automation (e.g., Python, PowerShell, Bash) for investigation and analysis.
• Strong ability to write clear, concise technical reports, guidance, and incident summaries including publishing after-action reviews, playbooks, SOPs, and CONOPS.
• Ability to communicate complex technical findings to both technical and non-technical audiences.
• In lieu of some experience, industry certifications can be substituted (e.g., ISC2 CISSP, EC-Council Certified Incident Handler (C|IH), EC-Council Certified Network Defender (C|ND), SANS GCIH, SANS GCIP, SANS CFCA, Carnegie Mellon University CSIH)
• US Citizenship (clearable) is required.

Responsibilities

• Collects intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Performs analysis of log files from a variety of sources to identify possible threats to network security.
• Performs cyber defense incident triage, to include determining scope, urgency and potential impact, identifies the specific vulnerability, and making recommendations that enables expeditious remediation.
• Performs cyber defense trend analysis and reporting.
• Assists in Incident Response processes and in the enhancement of behavioral analytics including the development of Concept of Operations and Standards Operating Procedures.
• Develops and maintains models for cyber threat mitigation and improves on threat modeling.
• Use behavior analytics (UBA) and ensures all infrastructure components meet proper performance standards.
• Coordinates and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Coordinates incident response functions.
• Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
• Performs initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
• Receives and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Writes and publishes after-action reviews, cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Assists junior Incident Response Technicians in their tasks

Benefits

• Federal Agency Clearance Requirements may require up to a 10-year background investigation