CBO - Tier 3 Incident Responder

cFocus Software Incorporated, Washington, DC
Remote

About The Position

cFocus Software seeks a Tier 3 Incident Responder to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.

Requirements

  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5–8+ years of experience in cybersecurity incident response or digital forensics
  • Hands-on experience with Microsoft Sentinel, Defender XDR, and SIEM tools
  • Strong knowledge of incident handling frameworks (NIST SP 800-61)
  • Experience with forensic tools (e.g., EnCase, FTK, Volatility, Velociraptor)
  • Proficiency in log analysis, threat detection, and correlation across multiple data sources
  • Experience with cloud environments (AWS, Azure) and enterprise networks
  • Strong understanding of MITRE ATT&CK framework

Nice To Haves

  • GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
  • Microsoft Sentinel or Microsoft security platform certifications
  • Relevant cloud security certifications (e.g., AWS security)
  • Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Responsibilities

  • Lead complex incident investigations across enterprise environments (cloud, endpoint, network, identity)
  • Perform full lifecycle incident response: detection, triage, containment, eradication, and recovery
  • Conduct digital forensics, including evidence acquisition, preservation, and analysis
  • Perform malware analysis (static and dynamic techniques)
  • Provide root cause analysis (RCA) and post-incident reporting with remediation recommendations
  • Support ransomware response and provide advisory guidance consistent with federal policy
  • Execute advanced threat hunting across SIEM (Microsoft Sentinel) and XDR platforms
  • Coordinate with SOC analysts (Tier 1 & 2), engineers, and stakeholders during incidents
  • Develop and improve incident response playbooks and procedures
  • Ensure chain-of-custody and evidence integrity for all forensic investigations
  • Support compliance with NIST SP 800-61 and federal incident handling requirements