Lead Incident Responder

Evolver Inc

Washington, DC

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Automation, Background Investigation, CEH - Certified Ethical Hacker, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Forensics, Computer Science, Computer Security, Continuous Improvement, Contract Processing, Corrective Action, Cross-Functional, FISMA - Federal Information Security Management Act, Federal Government, Forensic Science, GCFA - GIAC Certified Forensic Analyst, GCIH - GIAC Certified Incident Handler, GIAC - Global Information Assurance Certification, Government, Hunting, ITIL (IT Infrastructure Library), Incident Management, Incident Response, Information Technology & Information Systems, Internet Security, Leadership, Legal, Maintain Compliance, Malware Analysis, Memory Hardware, Mentoring, Microsoft Product Family, Microsoft Windows Azure, Operational Support, Organizational Development/Management, Process Improvement, Project Management Professional (PMP), Project/Program Management, Purchasing/Procurement, Ransomware, Regulatory Compliance, Reverse Engineering, Root Cause Analysis, Security Attacks, Security Information and Event Management (SIEM), Software Development Lifecycle (SDLC), Splunk, Team Lead/Manager, Technical Leadership, U.S. National Institute of Standards and Technology (NIST), United States Citizen
LOCATION
Washington, DC
POSTED
30+ days ago

Evolver Federal is seeking a Lead Incident Responder to fulfill a requirement for a potential government client. The Lead Incident Responder serves as the central point of accountability for day-to-day incident response operations, providing leadership and direction in high-pressure environments. This role emphasizes measurable outcomes such as MTTR reduction and compliance audit success while ensuring rapid detection, containment, eradication, and recovery from security incidents. The Lead Incident Responder will maintain compliance with federal cybersecurity frameworks (NIST 800-series, RMF, TIC 3.0), lead investigations into complex threats, and deliver compliance reporting to federal stakeholders. Responsibilities include coordinating with SOC teams, ISSOs, and AOs, integrating threat intelligence and forensic analysis into response processes, and driving continuous improvement to strengthen organizational resilience against evolving cyber threats. This position requires deep technical expertise, strong leadership skills, and the ability to align incident response operations with performance-based federal requirements.

Responsibilities:

  • Lead end-to-end incident response activities, including detection, triage, containment, eradication, and recovery.
  • Direct investigations of advanced threats, including APTs, ransomware, and insider threats.
  • Lead tabletop exercises and incident simulations for federal agencies.
  • Coordinate with SOC analysts, engineering teams, and federal stakeholders during major incidents.
  • Develop and maintain incident response playbooks, escalation procedures, and forensic methodologies.
  • Ensure alignment with Zero Trust Architecture principles.
  • Perform root cause analysis and recommend corrective actions to prevent recurrence.
  • Integrate threat intelligence into incident response workflows to enhance detection and mitigation.
  • Oversee digital forensics and evidence handling for legal and compliance requirements.
  • Prepare and deliver executive-level incident reports and post-incident reviews.
  • Support continuous improvement initiatives, including automation of incident response processes.
  • Ensure compliance with federal cybersecurity frameworks (NIST 800-series, RMF, FISMA) and organizational policies.

Basic Qualifications:

  • Bachelor's Degree in Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent, with 6 years of technical experience and 4 years of experience in IT solutions at the senior management level
  • Certified Information Systems Security Professional (CISSP)
  • Certified Incident Handler, Certified Intrusion Analyst, Certified Ethical Hacker, or similar certifications
  • Project Management Institute (PMI) Project Management Professional (PMP) (Highly Recommended)
  • Information Technology Infrastructure Library (ITIL) 4 Foundation
  • 10 years of successful enterprise experience in an IT or technology-related field, with the last 5 years on large government technical BPAs/contracts
  • US Citizen with the ability to pass a comprehensive government background check

Preferred Qualifications:

  • Experience managing or supporting cybersecurity operations, including SOC functions, in a federal or highly regulated environment
  • Experience leading cybersecurity programs within federal civilian agencies
  • Master's degree in a technical or management-related field
  • CISM or GIAC certifications (e.g., GCFA, GCIH)
  • Experience with FedRAMP and CISA directives for federal compliance
  • Experience with performance-based contracts and cross-functional team leadership
  • Strong communication skills, including experience delivering executive briefings and incident communications
  • Hands-on experience with SIEM (Splunk, Elastic), SOAR (Cortex XSOAR), and EDR platforms (CrowdStrike, Microsoft Defender)
  • Expertise in malware analysis, reverse engineering, and memory forensics
  • Familiarity with cloud incident response and hybrid environments (AWS, Azure)
  • Experience leading large-scale incident response efforts in federal or critical infrastructure environments
  • Experience with federal procurement processes and contract deliverables
  • Hands-on experience with Fed IT programs' SELC/SDLC
  • Knowledge of threat hunting methodologies and proactive detection strategies
  • Ability to mentor junior responders and build a high-performing incident response team
  • Understanding of advanced attack techniques, including lateral movement and privilege escalation
  • Experience with automation tools for incident response and threat containment

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

About the Company

Evolver Inc

Evolver is a technology company serving the Federal, Commercial, and Legal markets that addresses client challenges in the present and transitions clients into the future by introducing efficient and effective IT solutions. Established in 2000, Evolver has successfully grown to be a trusted technology leader. Evolver’s efforts and growth have been recognized by leading publications and organizations, including Inc. 5000 for five consecutive years, and most recently “Future 50” from SmartCEO. With a dedicated focus on client satisfaction, Evolver has proven its value time and time again, from managing day-to-day operations to skillfully navigating the implementation and support of new technologies. Evolver’s core competencies are infrastructure, application development, cybersecurity, cloud, end-user support, data analytics and legal services.

COMPANY SIZE
100 to 499 employees
INDUSTRY
Computer/IT Services
FOUNDED
2000
WEBSITE
http://www.evolverinc.com/