Overview:
We are seeking an experienced Incident Response (IR) Manager with strong Operational Technology (OT) and Industrial Control System (ICS) expertise to lead cybersecurity incident detection, analysis, response, and recovery activities in a mission-critical environment. This role is responsible for orchestrating incident response processes, ensuring rapid containment and eradication of threats, and driving continuous improvement of cyber defense capabilities across IT and OT infrastructures.
Key Responsibilities:
- Lead end-to-end incident response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) for IT and OT systems
- Manage and coordinate a team of responders, analysts, and engineers during high-severity incidents
- Develop, maintain, and exercise Incident Response Plans (IRPs), Playbooks, and Runbooks tailored for OT/ICS environments
- Interface with DoD stakeholders, government program offices, and third-party vendors to ensure coordinated response activities
- Oversee forensic investigations including malware analysis, packet captures, log reviews, and OT protocol traffic analysis
- Lead threat-hunting operations in IT/OT environments to proactively detect advanced adversaries
- Ensure all incident reporting aligns with DoD RMF, NIST 800-61, CJCSM 6510, and CMMC requirements
- Maintain compliance with STIGs, DISA CCRI, and DoD Cybersecurity Service Provider (CSSP) standards
- Drive improvements in network segmentation, Zero Trust adoption, OT security monitoring, and detection capabilities
- Provide after-action reports, metrics, and executive briefings to leadership
- Bachelor's degree in Cybersecurity, Computer Science, IT, or related field (or equivalent experience)
- 8+ years of cybersecurity experience, with at least 3+ years in incident response management
- Proven expertise in OT/ICS environments (e.g., SCADA, PLCs, DCS, manufacturing, utilities, or military OT systems)
- Hands-on experience with SIEM platforms (Splunk, ELK, ArcSight), EDR tools, and forensic toolsets (EnCase, FTK, Volatility, Wireshark, GRR)
- Deep knowledge of MITRE ATT&CK and ATT&CK for ICS frameworks
- Familiarity with networking protocols (TCP/IP, Modbus, DNP3, OPC, CIP, Profinet, etc.) and their security risks
- Experience with malware reverse engineering concepts, digital forensics, and memory analysis
- Strong knowledge of DoD cybersecurity compliance frameworks (RMF, NIST, STIG, CMMC)
- Excellent leadership, communication, and coordination skills for cross-functional response teams
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless
and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking âApply Todayâ you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
