
IT - Cyber Security Architect/Engineer IV Cyber Security Archit

Artech Information Systems

Today
Public Trust
Unspecified
Unspecified
IT - Security
home, VA (On-Site/Office)

Job Description:

Responsibilities
We are seeking a highly motivated and experienced Incident Response Lead to serve as the NGDC SOC's technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. You will direct responders, coordinate with enterprise stakeholders, and drive rapid containment and eradication of threats targeting the NGDC and FTII platforms. This role is ideal for a seasoned IR professional with strong investigative leadership, decisive problem-solving under pressure, and a passion for elevating SOC maturity.
• Direct and execute the full incident response lifecycle - detect, analyze, contain, eradicate, recover, and post-incident improvement.
• Act as lead investigator for high-severity incidents, driving scoping, timelines, and decision logs.
• Maintain situational awareness and provide clear, timely updates to SOC leadership, Cyber Engineering, ISSO, and FSA stakeholders.
• Lead technical coordination with Cloud, Network, Identity, and System Administration teams during active response.
• Serve as escalation decision authority for containment actions and service disruption trade-offs.
• Lead host/network/cloud forensic investigations; guide analysts on SOC suite tool usage.
• Validate and evaluate IOCs/IOAs, malware, credential abuse, lateral movement, and persistence mechanisms.
• Ensure that evidence integrity and documentation meet audit and legal standards.
• Maintain and continuously enhance IR playbooks, runbooks, and operational workflows.
• Lead incident readiness activities (tabletops, purple team exercises, threat hunt planning).
• Translate lessons learned into proactive detection content and security control improvements.
• Mentor and technically develop SOC Analysts and supporting engineering roles.
• Partner with FSA SOC, CISA, and third-party responders when required.
• Coordinate communications with Legal, ISSOs, Public Affairs, and leadership during incidents.
• Represent NGDC SOC in briefings with senior government leadership (CISA HVA, DoED, FSA).

Qualifications

Required Qualifications:
• 8+ years of hands-on cybersecurity experience, including 4+ years in incident response or DFIR roles.
• Demonstrated ability to lead major incidents affecting hybrid infrastructure (cloud + on-prem).
• Strong command of:
o Digital forensics methodologies (host and cloud).
o Log and SIEM analysis (e.g., Splunk).
o EDR platforms (e.g., Trellix, CrowdStrike, Defender).
o Network analytics and packet capture fundamentals.
• Deep familiarity with MITRE ATT&CK, NIST SP 800-61, and cyber kill chain frameworks.
• Excellent communication and situational leadership skills - able to brief executives under pressure.
• U.S. Citizen with the ability to obtain a Public Trust clearance.

Desired Qualifications:
• Experience supporting Federal cybersecurity operations, HVA environments, or regulatory incident reporting
• Experience with:
o AWS GovCloud and M365 security incident management
o Identity-centric investigations (AD, Azure AD/Entra ID, IAM abuse)
o Infrastructure-as-Code (Terraform/Ansible) and cloud-native IR tooling
• Relevant certifications, such as:
o GCIA, GCFA, GNFA, GCIH, GDAT, CCSK, CCSP
o Cybersecurity IR or forensic-focused certifications (e.g., CFR, CFCE, CHFI)
• Prior coordination with external IR firms (Mandiant, Unit42, etc.)
• Experience mentoring responders and maturing SOC/IR capabilities

Regards,
Samson Chacko

Federal Staffing Specialist

Cell/Text: 973-394-3928
Email: Samson.chacko@artech.com
LinkedIn: linkedin.com/in/samson-chacko
group id: artech
