Cyber Incident Response Analyst

About The Position

Requirements

• Active TS/SCI clearance; must also obtain a favorable DHS Entry on Duty (EOD) determination
• Bachelor's degree in IT, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET or NCAE-C designated institution
• Minimum 8-12 years of experience in incident detection/response, malware analysis, or cyber forensics
• A bachelor's degree may substitute for up to 1 year of experience
• A master's degree may substitute for up to 2 years of experience
• At least two certifications from the following: Security+, PenTest+, Cloud+, GSEC, CEH, CCE, CFR, CySA+, GCFA, GCIA, GCIH, GDSA, GICSP
• Advanced experience in CIRT and/or SOC operations for large enterprises
• Deep understanding of the Incident Response lifecycle
• Familiarity with Intelligence Driven Defense, Cyber Kill Chain, and MITRE ATT&CK frameworks
• Knowledge of enterprise network architecture, protocols (DHCP, DNS, HTTP), and devices (firewalls, proxies, VPNs)
• Expertise in Windows and Linux operating systems and artifacts
• Strong grasp of industry standards and best practices for incident response and SOC operations
• Excellent analytical, troubleshooting, and communication skills
• Ability to work independently with minimal supervision
• Must be a U.S. Citizen

Nice To Haves

• In-depth knowledge of current and emerging cybersecurity technologies
• Hands-on experience in Protect, Detect, Respond, and Sustain functions within a CIRT
• Strong understanding of cyber threat lifecycle, attack vectors, and adversary TTPs
• Experience monitoring and responding to threats in cloud environments (AWS, Azure, etc.)
• Completion of military cyber training courses: 4-11-C32-255S (CP), 4C-255N (CP), or 4C-255A (CP)

Responsibilities

• Provide expert investigative support for large-scale and complex security incidents, including those lacking technical detection
• Ensure SOC compliance with relevant cybersecurity regulations and standards
• Identify threat actor TTPs, post-compromise behaviors, and insider threats through data analysis
• Create and modify SIEM dashboards to visualize findings and monitor activity
• Drive implementation and enhancement of tools, frameworks, and methodologies
• Promote best practices in incident response, cybersecurity analysis, case management, and SOC operations
• Monitor external sources (e.g., CERTs, vendor sites) to stay current on cyber threat conditions
• Advocate for automation and process efficiency improvements
• Mentor junior analysts to elevate team capabilities and deliver high-quality work
• Build trust and maintain relationships with customers and stakeholders

Benefits

• Pay Range $104,650.00 - $189,175.00