Job Requirements
Beltsville, MD
Clearance: Secret; Polygraph: not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Job Description
ICS is seeking an experienced Tier 2 Shift Lead Malware Analyst SME (CIRT) to support a high-visibility federal cyber mission. This role is ideal for a hands-on cybersecurity professional who thrives in a fast-paced SOC environment and is ready to lead analysts while driving advanced incident response efforts.
You will play a key role in defending enterprise systems by leading Tier 2 investigations, coordinating response activities, and improving detection and response capabilities across the environment.
What You’ll Do:
Lead Tier 2 incident response investigations across network, endpoint, and cloud environments
Analyze alerts and logs from SIEM, EDR, firewalls, and IDS/IPS tools
Perform deep-dive analysis to identify, contain, and remediate cyber threats
Conduct malware analysis, forensic investigations, and threat hunting
Correlate indicators of compromise (IOCs) and track adversary activity
Monitor and respond to alerts through SIEM and SOAR platforms
Create, update, and execute incident response playbooks and SOPs
Coordinate with stakeholders and federal partners on incident response and reporting
Submit alert tuning recommendations to improve detection quality
Leadership Responsibilities:
Oversee Tier 2 shift operations and ensure ticket quality and completeness
Guide and mentor SOC analysts during investigations
Coordinate remediation efforts with leadership and technical teams
Provide recommendations to improve workflows, processes, and response effectiveness
Support technical interviews and onboarding of new team members
Required Qualifications:
Active Secret clearance (required to start)
U.S. Citizenship
Experience across the incident response lifecycle (detection → containment → remediation → recovery)
Hands-on experience with:
SIEM tools (Splunk, Microsoft Sentinel, Elastic, or similar)
EDR tools (CrowdStrike, Microsoft Defender, Carbon Black, etc.)
SOAR platforms (ServiceNow, Splunk SOAR, or similar)
Experience analyzing logs, network traffic, and endpoint telemetry
Strong understanding of:
Threat intelligence and IOC analysis
Malware analysis and forensic techniques
MITRE ATT&CK framework
Preferred Qualifications:
Experience in a SOC, CIRT, or Cyber Defense environment
Prior leadership, mentoring, or shift lead experience
Experience with cloud security monitoring (AWS, Azure)
Scripting experience (Python, PowerShell, Bash)
Familiarity with digital forensics tools (Autopsy, Volatility, etc.)
Relevant certifications such as:
Security+, CySA+, CISSP, GCIH, GCIA, CEH, or similar
Why Join ICS?
Support a mission-critical federal cyber program
Work alongside a highly skilled and collaborative SOC team
Opportunity to step into or expand leadership responsibilities
Hands-on role with real impact on cyber defense operations
Apply Today:
If you’re a driven cybersecurity professional ready to lead investigations and make an impact in a mission-focused environment, we’d love to connect.