Federal Incident Response Lead (Principal Information Security Engineer)
About The Position
Zscaler accelerates digital transformation so our customers can be more agile, efficient, resilient, and secure. Our cloud native Zero Trust Exchange platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Here, impact in your role matters more than title and trust is built on results. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership and accountability. We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges and want to make a positive difference on a global scale, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity. We are looking for a Federal Incident Response Lead (Principal Information Security Engineer) to join our team. This is a full-time onsite role based in Crystal City, VA, reporting to the Director of Federal Security Operations within the Enterprise Security department. You will establish and lead incident response operations from the ground up within a new, dedicated DoD/DoW IL6 cloud environment. You’ll drive end-to-end incident command, proactive threat hunting, and the operationalization of processes and tooling to ensure rapid response. This mission-critical role ensures our federal security practices align with DoD CC SRG and FedRAMP requirements.
Requirements
- US Citizenship and an active U.S. Secret Security Clearance (Top Secret preferred), with a willingness to participate in an on-call rotation (nights and weekends)
- 8+ years leading incident response and DFIR in DoD/classified environments, with proven incident command experience in 24/7 operations
- Experience establishing IR programs and formal threat hunting functions in cloud-centric federal environments
- Hands-on leadership operationalizing and tuning SIEM/SOAR (preferably Splunk Enterprise Security) content and playbooks
- Practical application of FedRAMP Moderate/High, NIST 800-53, DoD CC SRG, RMF, and DISA STIGs to IR processes and tooling
Nice To Haves
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field
- Have or be able to obtain advanced DoD 8140 DCWF certification
- Experience operating in U.S. government cloud regions (AWS GovCloud/Secret or Azure Government/DoD/Secret) with DoD IL5/IL6 constraints
Responsibilities
- Establish and mature an Incident Response (IR) program within a new, dedicated, classified DoD environment (primarily DoD IL6 with FedRAMP and DoD IL5 support)
- Lead end-to-end incident response, including triage, containment, eradication, recovery, and post-incident lessons learned with rigorous documentation
- Stand up and lead a formal threat hunting capability to proactively investigate and mitigate potential security threats in an IL6 environments
- Partner with security platform engineering to operationalize and tune SIEM/SOAR (Splunk Enterprise Security) content and playbooks, define detection requirements and coverage gaps, and ensure alerts are actionable for rapid response
- Collaborate with cross-functional teams to develop and refine IR playbooks, procedures, and automation aligned with DoD CC SRG and FedRAMP
Benefits
- Various health plans
- Time off plans for vacation and sick time
- Parental leave options
- Retirement options
- Education reimbursement
- In-office perks, and more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
