About The Position

This position is contingent upon contract award.

SOSi is seeking highly qualified senior professionals to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.

Job Description

Leads the end-to-end incident response function for the DHS enterprise SOC, coordinating triage, containment, eradication, and recovery; drives tool efficacy (SIEM/EDR/IDS/IPS), case management, and communications with stakeholders.

Requirements

  • Bachelor of Science in computer engineering, computer science, IT or cyber security (or eight (8) years of relevant work experience in lieu of a degree).
  • 5+ years of progressively responsible experience in cyber security, information security, security engineering, network engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, or data management.
  • CISSP and one or more of the following certifications: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other Information Assurance Technician (IAT) Level III certification in accordance with DoD 8140.
  • SIEM, EDR, IPS/IDS, and case management platforms.
  • TS, SCI-eligible.

Responsibilities

  • Lead incident detection, analysis, escalation, and coordinated response across SOC towers.
  • Standardize IR runbooks, playbooks, and communications; ensure evidence handling and documentation.
  • Measure and improve MTTA/MTTR; track lessons learned and corrective actions.
  • Ensure IR alignment to DHS/CBP policy and reporting requirements.