Quick Overview:-
100% work on site - no remote work
-
Secret clearance with the ability to acquire a TS
-
Locations near the Pentagon or Mayfield VA
-
Customer DEA
-
Intermediate SOC Analyst
-
6 years with Bachelor
Position SummaryThe Cyber Defense & Incident Responder is responsible for monitoring, analyzing, and responding to cybersecurity incidents in accordance with established procedures. This role focuses on incident triage, investigation, containment, and recovery to minimize impact and restore normal operations. The analyst will leverage security tools, event logs, correlation data, and threat intelligence to determine the nature and scope of incidents, document findings, and recommend remediation steps.
Key Responsibilities-
Monitor enterprise security systems and analyze alerts to identify potential cybersecurity incidents
-
Review SIEM, IDS/IPS, EDR, and related security tool alerts for anomalous activity, indicators of compromise (IOCs), and indicators of attack (IOAs).
-
Validate alerts, reduce false positives, and prioritize incidents based on severity and impact
-
Perform triage and analysis of security events to determine scope, severity, and urgency
-
Examine log data, network telemetry, and endpoint information to identify malicious activity
-
Correlate event details with internal and external threat intelligence
-
Execute incident response actions in accordance with established procedures
-
Contain affected systems, remove malicious artifacts, and assist with system recovery
-
Escalate complex or critical incidents to senior analysts or SOC leadership as needed
-
Document investigative findings, incident timelines, and remediation actions
-
Create and manage incident tickets and upload supporting evidence and artifacts
-
Contribute to after action reviews and post incident reporting
-
Communicate findings clearly and concisely to technical and nontechnical stakeholders
-
Maintain SOC processes, tools, and playbooks to support effective incident handling
-
Recommend improvements to SOPs, escalation procedures, and detection capabilities
-
Participate in training exercises and knowledge sharing activities
-
Support red, blue, or purple team exercises as directed
-
Stay informed on current and emerging cyber threats, threat actor TTPs, and industry trends
Required Qualifications-
Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, Data Science, or related field from an ABET accredited or CAE designated institution preferred. Equivalent experience may be considered in accordance with SOW education substitution requirements
-
Minimum of 6 years of experience in Information Technology and/or Information Security
-
Experience with incident response, threat analysis, SIEM platforms, endpoint security tools, and log analysis
-
Strong analytical and investigative skills with the ability to derive accurate conclusions during incident investigations
-
Active Secret clearance or higher required
-
Must be eligible to obtain a Top Secret clearance if requested
-
Ability to successfully complete a DEA background investigation
-
Must possess at least one applicable DoD 8140 certification or obtain certification within 6 months of onboarding
Preferred Qualifications-
Preferred DCWF Role 511 Cyber Defense Analyst certifications include:
-
CBROPS
-
CFR
-
CompTIA Cloud+, CySA+, PenTest+, or Security+ CE
-
FITSP O
-
SANS GCED, GCFA, GCIA, GDSA, GFACT, GICSP, GISF, or GSEC
-
Additional Information
This role primarily supports the Operations & Response Team, with potential support across Vulnerability Assessment and Penetration Testing and Engineering teams.The position will coordinate closely with cybersecurity, IT operations, engineering, software operations, and investigative technology teams to support enterprise security operations and incident response activities.