Incident Response Team Lead
About The Position
Agile Defense is seeking experienced Cyber Incident Response Team Lead to support an enterprise cybersecurity program that delivers 24/7/365 Cybersecurity Operations Center (SOC) services. The IR team conducts security investigations for potential threat activity identified within the organization, conducts deep-dive forensic investigations (host-based,cloud and network), identify and implement countermeasures, as well as track and report on incident activity to USG customers. To support this vital mission, Agile Defense staff are on the forefront of providing Advanced CSOC Operations to include the development of advanced analytics and countermeasures to protect critical assets from various cyber threats. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, technical analysis and incident response lifecycle. A strong work ethic, diligent time and attendance, written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
Requirements
- Active Certified Information System Security Professional (CISSP)
- Bachelor of Science in computer science, engineering, STEM or cybersecurity IT or cyber security (or eight (8) years of relevant work experience in lieu of a degree).
- Five (5) years of progressive professional experience in incident response role, SOC analyst role with emphasis in cyber security issues, incidents, hunts or digital forensics and operations, and computer incident response lifecycle.
- Candidates must also exhibit proficient use of cyber tools, including but not limited to Security Information and Event Management (SIEM), network analysis, live response, endpoint detection and response tools, Intrusion Prevention / Detections Systems (IPS / IDS) and CSOC ticketing platforms.
Nice To Haves
- One or more of the following GFCA, GPEN, GREM, GFNA, GIAC
- Familiarity with Cloud environments
Responsibilities
- Drive the incident response lifecycle to include incident detection, analysis, escalation, and coordinated response across all CSOC functions.
- Develop and standardize incident response runbooks, playbooks, and communication protocols; ensure proper evidence handling and thorough documentation.
- Monitor and improve key performance metrics (MTTA/MTTR); capture lessons learned and implement corrective actions to strengthen future response efforts.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
