Senior Digital Forensics Incident Response Lead

Posted today

Job Requirements

Remote
Public Trust
Polygraph not specified
Senior Level Career (10+ yrs experience)
$145,000 - $190,000

Job Description

We are seeking a highly motivated and experienced Incident Response Lead to serve as the technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. You will direct responders, coordinate with enterprise stakeholders, and drive rapid containment and eradication of threats targeting all platforms. This role is ideal for a seasoned IR professional with strong investigative leadership, decisive problem-solving under pressure, and a passion for elevating SOC maturity.

Operational Leadership
• Direct and execute the full incident response lifecycle - detect, analyze, contain, eradicate, recover, and post-incident improvement
• Act as lead investigator for high-severity incidents, driving scoping, timelines, and decision logs
• Maintain situational awareness and provide clear, timely updates to SOC leadership, Cyber Engineering, ISSO, and FSA stakeholders
• Lead technical coordination with Cloud, Network, Identity, and System Administration teams during active response
• Serve as escalation decision authority for containment actions and service disruption trade-offs
Technical Investigation & Forensics
• Lead host/network/cloud DFIR investigations; guide analysts in EDR, SIEM, and NDR tool usage
• Validate and evaluate IOCs/IOAs, malware, credential abuse, lateral movement, and persistence mechanisms
• Ensure evidence integrity and documentation meets audit and legal standards
Preparedness & Program Maturity
• Maintain and continuously enhance IR playbooks, runbooks, and operational workflows
• Lead incident readiness activities (tabletops, purple team exercises, threat hunt planning)
• Translate lessons learned into proactive detection content and security control improvements
• Mentor and technically develop SOC Analysts and supporting engineering roles
Collaboration & Cross-Functional Coordination
• Partner with FSA SOC, EDSOC, CISA, and third-party responders when required
• Coordinate communications with Legal, ISSOs, Public Affairs, and leadership during incidents
• Represent NGDC SOC in briefings with senior government leadership (CISA HVA, DoED, FSA)

Required Qualifications
• 10 years of hands-on cybersecurity experience within a SOC, including 6+ years in incident response or DFIR roles
• Demonstrated ability to lead major incidents affecting cloud infrastructure (AWS)
• Strong command of:
  - Digital forensics methodologies (host, network, and cloud)
  - Log and SIEM analysis (e.g., Splunk)
  - EDR platforms (e.g., Trellix)
  - Network analytics and packet capture fundamentals
• Deep familiarity with MITRE ATT&CK, NIST SP 800-61, and cyber kill chain frameworks
• Excellent communication and situational leadership skills - able to brief executives under pressure

Job Category
IT - Security
Clearance Level
Public Trust