Cybersecurity Analyst - Incident Response Lead

Space Dynamics Laboratory
North Logan, UT
$90,000 - $155,000

About The Position

Space Dynamics Laboratory (SDL) is seeking a highly skilled Cybersecurity Analyst – Incident Response Lead to join our Corporate Information Security team. The selected candidate will serve as the technical lead for incident response and forensic investigations, supporting SDL’s mission to protect critical information systems in support of national defense and space operations. As a key member of the Cybersecurity Operations team, this individual will lead the detection, analysis, containment, and remediation of cybersecurity incidents, while advancing SDL’s incident response and forensic capabilities. If you thrive in high-tempo environments, have deep technical expertise, and are passionate about defending mission-critical systems, we encourage you to apply. As a trusted partner in national defense and space exploration, SDL offers a dynamic, mission-driven environment where your expertise will directly contribute to critical security initiatives. If you thrive in high-stakes, team-oriented settings and have a passion for cybersecurity compliance, risk management, and audit excellence, we want to hear from you!

Requirements

  • 5+ years of experience in cybersecurity, with a focus on incident response and/or security operations
  • Bachelor’s degree in cybersecurity, information assurance, computer science, MIS, engineering, or a related field (or additional 5 years of experience)
  • Relevant certification (e.g., CySA+, GCIA, GCIH, CISSP)
  • Hands-on experience with:
      • Incident response processes and frameworks (e.g., NIST SP 800-61)
      • SIEM platforms (e.g., Splunk, Microsoft Sentinel)
      • Endpoint Detection & Response (EDR) tools
      • Log analysis and event correlation
  • Experience conducting forensic investigations (disk, memory, or network)
  • Strong understanding of attacker tactics, techniques, and procedures (TTPs)
  • Ability to analyze and interpret Indicators of Compromise (IOCs)
  • Strong analytical and problem-solving skills
  • Excellent written and verbal communication skills
  • Must be a U.S. citizen with the ability to obtain and maintain a U.S. Government security clearance

Nice To Haves

  • Experience with forensic tools (e.g., EnCase, FTK, Velociraptor, Volatility)
  • Familiarity with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK)
  • Experience with digital forensics in cloud environments
  • Familiarity with NIST SP 800-171, NIST SP 800-53, DFARS, and CMMC
  • Experience supporting compliance assessments, inspections or audits
  • Experience supporting DoD, intelligence, or defense contractor environments
  • Understanding of classified systems security requirements (RMF, JSIG, DISA STIGs)

Responsibilities

  • Leads end-to-end incident response activities, including identification, containment, eradication, and recovery
  • Serves as the technical lead during security incidents, coordinating across IT, Cybersecurity Engineering, Governance, Risk and Compliance (GRC) and leadership
  • Develops and maintains incident response playbooks and procedures
  • Conducts and leads incident response exercises and tabletop scenarios
  • Performs host-based, network-based, and log-based forensic analysis
  • Preserves evidence in accordance with legal and regulatory requirements
  • Conducts root cause analysis and produces detailed forensic reports
  • Supports internal investigations and external reporting requirements
  • Analyzes alerts from SIEM, EDR, EPP, and other tools to identify potential threats
  • Correlates logs across multiple data sources to identify attack patterns and indicators of compromise (IOCs)
  • Conducts threat hunting activities to proactively identify adversary behavior
  • Integrates threat intelligence into detection and response processes
  • Develops and refines detection use cases and alerting logic
  • Recommends and implements improvements to incident response processes and tooling
  • Automates response workflows where feasible
  • Tracks metrics and performance of incident response capabilities
  • Coordinates with GRC teams to ensure incidents are properly documented and aligned with compliance requirements
  • Communicates incident status, impact, and remediation actions to stakeholders
  • Supports CMMC assessment activities related to incident response and logging

Benefits

  • SDL offers competitive salaries and a comprehensive benefits package.
  • Visit our Benefits Page to learn more about what we offer.