Tier 1 Cyber Incident Response Team (CIRT) Lead

About The Position

Requirements

• Bachelor’s degree and a minimum of 9 years of relevant experience; 7 years with a Master’s degree; 4 years with a PhD.
• An additional 4 years of relevant experience may be substituted for the degree requirement.
• Applicants must currently hold one of the following professional certifications or obtain one prior to their start date. Continued certification is required as a condition of employment:CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, CySA+, GCED, GCFA, GCIH, SCYBER
• U.S. citizenship required
• Active Secret security clearance
• Ability to obtain a final Top-Secret clearance
• Demonstrated experience across the Incident Response lifecycle
• Experience using ticketing and Security Orchestration and Response (SOAR) platforms (e.g., ServiceNow, Splunk SOAR)
• Knowledge of MITRE ATT&CK and D3FEND frameworks
• Knowledge of the Agile framework and SCRUM planning lifecycle
• Experience with log analysis and correlation from multiple sources
• Experience with email security and phishing analysis
• Experience with cloud security monitoring and cloud-based incident response
• Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
• Proficiency with Endpoint Detection and Response (EDR) platforms (e.g., Microsoft XDR, Elastic XDR, Carbon Black, CrowdStrike)
• Ability to analyze all-source cyber threat intelligence and understand adversary methodologies and techniques
• Experience with PowerShell, Python, or BASH scripting
• Knowledge of static and dynamic malicious artifact analysis
• Experience collaborating with internal and external stakeholders
• Excellent written and verbal communication skills
• Strong leadership and mentoring capabilities

Nice To Haves

• Advanced technical or project management certifications, such as:CISSP, SecurityX/CASP+, GEIR, GNFA, GCFA, PMP, CISA
• Demonstrated expertise with Splunk for security monitoring and alert triage
• Demonstrated expertise with Microsoft Defender for Endpoint and Identity
• Experience with SCRUM planning under the Agile framework
• Experience with digital forensics collection and analysis tools
• Experience using Microsoft Azure for access and identity management
• Experience using ServiceNow SOAR for ticketing and automated response
• Proficiency with Python, PowerShell, and BASH scripting
• Proficiency in cloud security monitoring and incident response triage
• Experience with static and dynamic malicious artifact analysis

Responsibilities

• Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents
• Coordinate and collaborate with Department teams to analyze and respond to events and incidents
• Manage triage and response capabilities in a 24x7x365 environment
• Monitor and triage the CIRT hotline, email inboxes, and fax
• Manage ticket creation and workflows as instructed in SOPs
• Mange the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA)
• Manage collaboration with other local, national and international CIRTs as directed
• Manage the delivery and oversight of remediation activities
• Manage IR processes for identifying and triaging email events
• Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) Alerts
• Manage IR processes for triage of malicious artifacts to remediate further propagation
• Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra ID alerts, and Microsoft for Cloud Identity alerts
• Create schedules and maintain personnel across all shifts
• Review monthly and technical status reports to ensure compliance and accuracy
• Review and update SCRUM sprint objectives for the team
• Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management
• Write and suggest technical and procedural changes to CIRT management
• Conduct candidate interviews to evaluate potential team members
• Lead Shift Lead meetings to discuss training, issues, and concerns
• Identify Tier 1 analyst training requirements and coordinate training support
• Mentor the professional development of Tier 1 analysts