Cybersecurity Incident Response Engineer, Jr

About The Position

Requirements

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field, or equivalent relevant experience.
• 0–3 years of experience in cybersecurity, IT operations, or related technical roles with exposure to security monitoring and incident triage.
• Foundational understanding of cybersecurity concepts, common attack techniques, and the role of a security operations center in detection and response.
• Hands-on familiarity with security tools such as SIEM, firewalls, IDS/IPS, endpoint protection, or vulnerability scanners, and ability to interpret basic alerts and logs.
• Active SECRET clearance or ability to obtain and maintain required clearance.
• U.S. citizenship required to support federal information security requirements.
• Strong analytical, problem-solving, communication, and teamwork skills, with the ability to manage multiple alerts and tasks in a fast-paced SOC environment.

Nice To Haves

• Experience working in or supporting a 24x7 SOC environment, including shift work and effective handoff practices for ongoing incidents.
• Entry-level security certifications such as Security+, CySA+, or similar that validate core defensive operations knowledge.
• Experience following or implementing documented playbooks, runbooks, or standard operating procedures in a security or IT operations context.
• Familiarity with federal cybersecurity policies, control frameworks, or agency-specific security requirements.

Responsibilities

• Monitor SIEM and other security tooling to review events, correlate logs from multiple sources, and identify suspicious patterns that may indicate cybersecurity threats or policy violations.
• Perform Tier 1 alert triage by validating alert context, determining severity and potential impact, filtering out false positives, and generating well-documented tickets for escalation.
• Assist with incident response activities, including gathering evidence, capturing indicators of compromise, and supporting containment and recovery steps under guidance of senior analysts.
• Document investigations thoroughly, including timelines, data sources reviewed, actions taken, and handoffs, to support audit requirements and follow-on analysis.
• Maintain familiarity with common security technologies such as firewalls, IDS/IPS, endpoint protection, and vulnerability scanners, and interpret how their alerts surface within SOC tools.
• Follow established SOC standard operating procedures, playbooks, and reporting formats, and contribute feedback to improve them as detection and response capabilities mature.
• Support continuous tuning of rules, use cases, and dashboards to reduce noise, enhance detection accuracy, and improve visibility into the client environment.
• Collaborate with IT, operations, and risk teams to align monitoring and response activities with cybersecurity policies, regulatory expectations, and mission priorities.