Job Requirements
Arlington, VA
Secret Polygraph Unspecified
Mid Level Career (5+ yrs experience)
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Quick Overview:
Position Summary
The Cyber Defense & Incident Responder is responsible for monitoring, analyzing, and responding to cybersecurity incidents in accordance with established procedures. This role focuses on incident triage, investigation, containment, and recovery to minimize impact and restore normal operations.
The analyst will leverage security tools, event logs, correlation data, and threat intelligence to determine the nature and scope of incidents, document findings, and recommend remediation steps.
Key Responsibilities
Required Qualifications
Preferred Qualifications
This role primarily supports the Operations & Response Team, with potential support across Vulnerability Assessment and Penetration Testing and Engineering teams.The position will coordinate closely with cybersecurity, IT operations, engineering, software operations, and investigative technology teams to support enterprise security operations and incident response activities.
- 100% work on site - no remote work
- Secret clearance with the ability to acquire a TS
- Locations near the Pentagon or Mayfield VA
- Customer DIA
- Intermediate SOC Analyst
- 6 years with Bachelor
Position Summary
The Cyber Defense & Incident Responder is responsible for monitoring, analyzing, and responding to cybersecurity incidents in accordance with established procedures. This role focuses on incident triage, investigation, containment, and recovery to minimize impact and restore normal operations.
The analyst will leverage security tools, event logs, correlation data, and threat intelligence to determine the nature and scope of incidents, document findings, and recommend remediation steps.
Key Responsibilities
Monitor enterprise security systems and analyze alerts to identify potential cybersecurity incidents
Review SIEM, IDS/IPS, EDR, and related tool alerts for anomalous activity and indicators of compromise
Validate alerts, reduce false positives, and prioritize incidents based on severity and impact
Perform triage and analysis of security events to determine scope, severity, and urgency
Examine log data, network telemetry, and endpoint information to identify malicious activity
Correlate event details with internal and external threat intelligence
Execute incident response actions in accordance with established procedures
Contain affected systems, remove malicious artifacts, and assist with system recovery
Escalate complex or critical incidents to senior analysts or SOC leadership as needed
Document investigative findings, incident timelines, and remediation actions
Create and manage incident tickets and upload supporting evidence and artifacts
Contribute to after action reviews and post incident reporting
Communicate findings clearly and concisely to technical and nontechnical stakeholders
Maintain SOC processes, tools, and playbooks to support effective incident handling
Recommend improvements to SOPs, escalation procedures, and detection capabilities
Participate in training exercises and knowledge sharing activities
Support red, blue, or purple team exercises as directed
Stay informed on current and emerging cyber threats, threat actor TTPs, and industry trends
Required Qualifications
Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, Data Science, or related field from an ABET accredited or CAE designated institution preferred
Minimum of 6 years of experience in Information Technology and/or Information Security
Experience with incident response, threat analysis, SIEM platforms, endpoint security tools, and log analysis
Strong analytical and investigative skills with the ability to derive accurate conclusions during incident investigations
Active Secret clearance or higher required
Must be eligible to obtain a Top Secret clearance if requested
Ability to successfully complete a DEA background investigation
Must possess at least one applicable DoD 8140 certification or obtain certification within 6 months of onboarding
Preferred Qualifications
Preferred DCWF Role 511 Cyber Defense Analyst certifications include:
CBROPS
CFR
CompTIA Cloud+, CySA+, PenTest+, or Security+ CE
FITSP O
SANS GCED, GCFA, GCIA, GDSA, GFACT, GICSP, GISF, or GSEC
Additional Information
This role primarily supports the Operations & Response Team, with potential support across Vulnerability Assessment and Penetration Testing and Engineering teams.The position will coordinate closely with cybersecurity, IT operations, engineering, software operations, and investigative technology teams to support enterprise security operations and incident response activities.
group id: 91091699