Incident Response Team Lead

 

 

Requisition #: 1435

Job Title: Incident Response Team Lead

Location: Reston, VA

Clearance Level: TS (SCI Eligible)

Active Certified Information System Security Professional (CISSP)

SUMMARY

Agile Defense is seeking experienced Cyber Incident Response Team Lead to support an enterprise cybersecurity program that delivers 24/7/365 Cybersecurity Operations Center (SOC) services. The IR team conducts security investigations for potential threat activity identified within the organization, conducts deep-dive forensic investigations (host-based, cloud and network), identify and implement countermeasures, as well as track and report on incident activity to USG customers. To support this vital mission, Agile Defense staff are on the forefront of providing Advanced CSOC Operations to include the development of advanced analytics and countermeasures to protect critical assets from various cyber threats. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, technical analysis and incident response lifecycle. A strong work ethic, diligent time and attendance, written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.

JOB DUTIES AND RESPONSIBILITIES

Drive the incident response lifecycle to include incident detection, analysis, escalation, and coordinated response across all CSOC functions. Develop and standardize incident response runbooks, playbooks, and communication protocols; ensure proper evidence handling and thorough documentation. Monitor and improve key performance metrics (MTTA/MTTR); capture lessons learned and implement corrective actions to strengthen future response efforts.

QUALIFICATIONS Required Certifications

Certified Information System Security Professional (CISSP) and

One or more of the following certifications:

GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH); GIAC Certified Forensic Analyst (GCFA); SANS GIAC Certified Enterprise Defender (GCED) or

Other Information Assurance Technician (IAT) Level III certification in accordance with DoD Directive 8570.1.

Education, Background, and Years of Experience

Bachelor of Science in computer science, engineering, STEM or cybersecurity IT or cyber security (or eight (8) years of relevant work experience in lieu of a degree).

ADDITIONAL SKILLS & QUALIFICATIONS

Required Skills

Five (5) years of progressive professional experience in incident response role, SOC analyst role with emphasis in cyber security issues, incidents, hunts or digital forensics and operations, and computer incident response lifecycle.

Candidates must also exhibit proficient use of cyber tools, including but not limited to Security Information and Event Management (SIEM), network analysis, live response, endpoint detection and response tools, Intrusion Prevention / Detections Systems (IPS / IDS) and CSOC ticketing platforms.

Preferred Skills

One or more of the following GFCA, GPEN, GREM, GFNA, GIAC

Familiarity with Cloud environments

WORKING CONDITIONS

Environmental Conditions

Hybrid onsite in Reston, VA

Strength Demands

Physical Requirements