Incident Response Analyst

ASSYST, Inc.
Rockville, MD

About The Position

ASSYST is seeking an Incident Response Analyst to provide security and privacy incident management support to our client project. The analyst will serve as the central point of coordination and communication for incidents and vulnerability management, supporting IT teams and stakeholders.

Requirements

  • Experience coordinating and communicating security and privacy incidents across IT teams, ISSOs, and security stakeholders.
  • Experience supporting incident response activities in collaboration with cybersecurity operations teams.
  • Experience conducting incident-related data calls and consolidating responses from multiple stakeholders.
  • Experience performing initial triage, containment, categorization, and escalation of suspicious events and potential incidents.
  • Experience documenting incident management activities in accordance with established policies and incident management plans.
  • Experience supporting lifecycle incident management processes including detection, analysis, containment, eradication, recovery, and post-incident activities.
  • Experience providing forensic analysis, malware review, and technical incident response support.
  • Experience preparing incident documentation, forensic reports, closure reports, and status updates for leadership and stakeholders.
  • Experience communicating incident findings, corrective actions, and lessons learned to IT leadership and stakeholders.

Responsibilities

  • Serve as the central point of coordination and communication for security and privacy incidents and vulnerability management.
  • Facilitate communication among IT teams, ISSOs, security stakeholders, and cybersecurity operations teams.
  • Conduct and coordinate incident-related data calls across federal and contractor personnel responsible for FISMA systems.
  • Validate, consolidate, and deliver data call responses to stakeholders including the CIO, ISSO, and cybersecurity operations leadership.
  • Engage stakeholders, IT staff, and subject matter experts to provide research, consultation, and guidance to support the analysis and resolution of security and privacy incidents.
  • Provide advice and recommendations on risk mitigation, incident response requirements, and best practices.
  • Perform and coordinate initial triage, containment, categorization, and escalation of suspicious events and potential incidents.
  • Document all triage actions and incident escalation activities in accordance with organizational policies and the incident management plan.
  • Work with federal and contractor team leads and stakeholders to identify resources required to support remediation efforts.
  • Support compromise response efforts by following the lifecycle incident management process, including detection, analysis, containment, eradication, recovery, and post-incident activities.
  • Provide technical response actions and collaborate with cybersecurity operations teams, ISSOs, leadership, and the Service Desk.
  • Provide forensic analysis, malware review, and incident response services as needed.
  • Maintain documentation for all incident phases, actions, decisions, outcomes, and closure.
  • Prepare formal incident closure reports for all incidents, including key findings and corrective actions in the incident response portal.
  • Produce detailed forensic reports, evidence documentation, malware behavior analysis, and remediation guidance.
  • Provide leadership with timely status updates and reports for ongoing incidents affecting the hybrid IT infrastructure.
  • Communicate key findings, corrective actions, and lessons learned to IT leadership, stakeholders, and staff.
  • Prepare monthly reports on security and privacy incidents.
  • Deliver clear and actionable reports detailing forensic findings, scope of compromise, and recommended remediation.