  • Location: McLean, Virginia
  • Type: Direct Hire
  • Job #898


We are seeking a Senior Incident Handler who specializes in Cyber Incident Response. The Cyber Incident Handler will lead incident responses and perform Tactical Digital Forensics, malware analysis, and network forensics to support the containment, eradication, and recovery from computer network intrusions. Be a part of a diverse, multi-discipline team that has high visibility and several avenues for continued career growth.


The CIRT Incident Handler on this agency-level Cyber Security support contract performs the following duties:


  • Performs actions in response to identified cyber intrusions
  • Determines appropriate course of action in response to identified cyber security attacks or anomalous network activity
  • Performs advanced analysis to include forensic seizures of hardware, malware triage and dynamic analysis, and determination of the scope of compromise during a cyber attack
  • Communicates with stakeholders and leaders to ensure cyber incidents are managed appropriately
  • Acts as incident command during small-scale cyber-attacks and as cyber response subject matter expert during large-scale attacks
  • Recommends enterprise countermeasures based on threat trends
  • Prepares detailed recommendations for network defense improvements to close or mitigate cyber incidents


Job Requirements:


Required Security Clearance: TS/SCI with FSP


Qualifications Requirements:

  • Demonstrated experience in cyber incident response/detection or expert network engineering, system administration, or DevOps
  • Excellent interpersonal, organizational, writing, communications, and briefing skills
  • Strong analytical and problem-solving skills


Familiarity with the following classes of enterprise cyber defense technologies:


  • Network and Host malware detection and prevention
  • Network and Host forensic tools
  • Endpoint Detection and Response (EDR)
  • Network Detection and Response (NDR)
  • Sysmon, auditd, Windows Security Event Log analysis
  • Web/Email gateway security technologies
  • Experience with Splunk, Windows PowerShell, or similar technologies
  • Netflow and Full Packet Capture solutions
  • Security Information and Event Management (SIEM) systems
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • AWS, Azure, GCP incident response


Required Education and Experience:

  • BS (bachelor's degree in electrical engineering, computer engineering, computer science, or other closely related IT discipline); 10 years’ experience if no BS
  • Minimum of five years of progressively responsible experience in Cyber Security, InfoSec, Security Engineering, Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, data management
  • DOD 8570 IAT Level I, CSSP-IR, or CSSP-A


Employment Type: Full Time / Permanent


Working Conditions:

  • This McLean, VA based position will be Monday – Friday with core hours
  • May be required to meet a COVID vaccine or negative testing requirement.


Physical Requirements:

Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.


Background Screening/Check/Investigation:

Successful Completion of a Background Screening/Check/Investigation will/may be required as a condition of hire.

