NIH - Incident Response Analyst

cFocus Software IncorporatedBethesda, MD
Remote

About The Position

cFocus Software is seeking an Incident Response Analyst to join our program supporting the National Institutes of Health (NIH). This is a fully remote position that requires a Public Trust clearance or the ability to obtain one. The role involves monitoring security events, detecting, analyzing, and responding to cybersecurity incidents, and performing incident triage to determine scope, severity, urgency, and operational impact. The analyst will also support incident containment, eradication, recovery, and restoration activities, investigate suspected security incidents within established response time requirements, and coordinate incident handling activities with NIH and HHS cybersecurity organizations. Responsibilities include monitoring enterprise security logs and alerts, performing network and host-based intrusion detection, monitoring cloud applications and infrastructure, supporting continuous 24x7 security monitoring operations, and identifying indicators of compromise (IOCs) and suspicious activity.

Requirements

  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of cybersecurity experience.
  • 5+ years supporting cybersecurity incident response or Security Operations Center (SOC) environments.
  • Experience investigating security incidents across Windows, Linux, cloud, and enterprise networks.
  • Experience with SIEM technologies and security monitoring platforms.
  • Experience performing incident triage and root cause analysis.
  • Knowledge of malware analysis and digital forensics concepts.
  • Understanding of NIST Cybersecurity Framework and NIST SP 800-61 Incident Handling Guide.
  • Ability to obtain and maintain required NIH suitability/background investigation.

Nice To Haves

  • Active GCIH, GCFA, GCIA, CISSP, CySA+, Security+, CEH, CHFI, CISM, or GSEC

Responsibilities

  • Monitor security events across the NIH/OD-OIT environment.
  • Detect, analyze, and respond to cybersecurity incidents affecting enterprise systems.
  • Perform incident triage to determine scope, severity, urgency, and operational impact.
  • Support incident containment, eradication, recovery, and restoration activities.
  • Investigate suspected security incidents within established response time requirements.
  • Coordinate incident handling activities with NIH and HHS cybersecurity organizations.
  • Monitor enterprise security logs and alerts.
  • Perform network and host-based intrusion detection.
  • Monitor cloud applications and cloud infrastructure.
  • Support continuous 24x7 security monitoring operations.
  • Identify indicators of compromise (IOCs) and suspicious activity.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service