Secret
Aerospace and Aviation
Arlington, VA (On-Site/Office)
Transform technology into opportunity as an Incident Response SOC Analyst at GDIT. Shape what's next for mission-critical government projects while shaping what's next for your engineering career. 
The F-35 Lightning II Program is the Department of Defense's focal point for defining affordable next-generation strike aircraft weapon systems for the Navy, Air Force, Marines, and our allies. The F-35 will bring cutting-edge technologies to the battlespace of the future. The JSF's advanced airframe, autonomic logistics, avionics, propulsion systems, stealth, and firepower will ensure that the F-35 is the most affordable, lethal, supportable and survivable aircraft ever to be used by so many warfighters across the globe.
MEANINGFUL WORK AND PERSONAL IMPACT:
As an Incident Response SOC Analyst, the work you'll do at GDIT will be impactful to the mission of our Cybersecurity team on the F-35 Lightning II Program.
- Monitor and triage alerts from SIEM, EDR, IDS/IPS, and other security tools to identify suspicious activity.
- Perform initial investigation and classification of security incidents; escalate when necessary.
- Coordinate and orchestrate incident response efforts: containment, eradication, recovery, and documentation.
- Support digital forensic investigations, including evidence collection, preservation, and basic analysis.
- Provide regular status updates when conducting forensics.
- Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):
  - Case File Number
  - Computer Name
  - User Name, File Names, etc.
  - Background
  - Investigation Details
  - Status/Disposition
  - Recommendations
- Prepare and present forensic findings in the form of briefings and/or reports to government leads and managers as required.
- Review logs and telemetry from endpoints, firewalls, servers, and cloud platforms to identify indicators of compromise (IOCs).
- Collaborate with IT and security teams to apply mitigation actions such as patching, blocking IPs, and adjusting configurations.
- Participate in post-incident reviews (PIRs) and help implement improvements to detection and response capabilities.
- Contribute to the development and maintenance of SOC playbooks, runbooks, and response procedures.
- Assist with Open-Source Intelligence (OSINT) monitoring and IOC enrichment.
- Continuously improve knowledge of cybersecurity frameworks, threat actor TTPs (MITRE ATT&CK), and forensic methodologies.
- Handle sensitive file transfers IAW DoD policies and procedures.
- Query the classified network for any new vulnerabilities or weaknesses discovered by higher-level commands that affect the status of the unclassified network.
 
WHAT YOU'LL NEED TO SUCCEED:
Bring your engineering expertise along with a drive for innovation to GDIT. Our Incident Response SOC Analyst must have:
- Security Clearance Level: Active Secret clearance.
- Required Experience:
  - 5 years of foundational knowledge of cybersecurity concepts, such as incident handling lifecycle, threat intelligence, and basic to intermediate forensics.
  - Familiarity with security tools (SIEM, EDR, SOAR, threat intel feeds) and basic incident response workflows.
  - Hands-on experience with SIEM (e.g., MDE, Splunk, QRadar, ArcSight), EDR (e.g., CrowdStrike, Defender, SentinelOne), and basic SOAR concepts.
  - Experience with incident response tooling, digital forensics, and evidence handling.
  - Understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, VPNs, firewalls).
  - Strong analytical and problem-solving skills with a structured, methodical approach.
  - Excellent written and verbal communication; ability to produce clear incident reports, documentation and manuals.
  - Ability to work in a fast-paced environment and participate in on-call rotations (as needed).
  - Commitment to continuous learning and professional growth in cybersecurity.
- Required Certifications: CompTIA Security+, CEH, SANS GCIH, GIAC GCIA, or equivalent.
- Education: BS degree in Computer Science, Information Security, Cybersecurity, or a related field.
- Work Location: Hybrid - onsite in Arlington, VA + remote.
- US Citizenship Required
 
WHAT WE'D LOVE FOR YOU TO HAVE (Desired):
- Knowledge of MITRE ATT&CK framework and common attacker techniques.
- Familiarity with cloud security concepts (AWS/Azure/GCP) and cloud incident response considerations.
- Scripting or automation skills (PowerShell, Python, Bash) a plus.
 
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
- Growth: AI-powered career tool that identifies career steps and learning opportunities.
- Support: An internal mobility team focused on helping you achieve your career goals.
- Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off.
- Flexibility: Full-flex work week to own your priorities at work and at home.
- Community: Award-winning culture of innovation and a military-friendly workplace.
 
OWN YOUR OPPORTUNITY
Explore a career in software development at GDIT and you'll find endless opportunities to grow alongside colleagues who share your dedication to advancing innovation.
Work Requirements