Cyber Defense Incident Responder

Summary

The Cyber Defense Incident Responder (Advanced) performs hands‑on technical work while guiding and directing senior and mid‑level analysts. This role involves advanced threat detection, threat intelligence research, practical application of threat intelligence to operations, development of custom scripts, and a working understanding of complex threat actor techniques used to compromise systems and evade detection. The ideal candidate brings extensive operational experience defending highly secure enclaves, specifically navigating Top Secret/Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) networks.

In Office. Arlington, VA.

• Lead a small team of advanced and mid-level security analysts to provide Incident Defense () services for government clients, specifically tailored to the unique security constraints of TS/SCI and SAP environments.
• Serve as the primary technical point of contact for complex threat hunting issues, and mentor new  members to grow their skills and operational abilities.
• Engineer advanced detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources across classified enclaves, using Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Snort rules, or other pattern‑matching detection tools.
• Proactively research new malware using hunting capabilities on malware repository services (such as Virus Total) and through established partnerships with other security researchers, ensuring all malware handling adheres to strict classified network protocols.
• Lead targeted phishing campaigns to help educate the workforce on the risks of social engineering and malicious attachments.
• Lead purple and red teaming efforts as directed, conducting adversary emulation relevant to the architecture of highly classified networks.
• Provide critical support to the Network Operations and Security Center (NOSC) and coordinate team schedules to ensure on‑call coverage for after‑hours, weekends, and holidays.
• Maintain the toolkit utilized by the ; conduct research analysis on the latest cybersecurity tools, provide rationale to renew or deprecate current tools, and recommend new technologies for the enterprise.
• Perform comprehensive research and investigations with little to no oversight to locate information relevant to government requests, communicating findings effectively to government information security professionals.
• Ensure all written communication (reports, briefings, and alerts) is professional, high‑quality, free of errors, and clearly delivers actionable intelligence.
• Perform other duties as assigned.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.

• High school diploma or GED equivalent required.
• Bachelor's degree in Computer Science, Digital Forensics, or a related major with an emphasis on Security preferred.
• Six (6) or more years of experience in Threat Hunting, Security Research, or Incident Response.
• Demonstrated leadership skills, preferably in a formal leadership role.
• Demonstrated scripting experience.
• Active TS/SCI clearance required.

• SAP (Special Access Program) access eligibility or prior SAP‑network operational experience.
• Relevant industry certifications (e.g., GCIH, GCFA, GCIA, GREM, GDAT, CySA+, or equivalent).
• Ability to successfully pass background and drug screening.

• Advanced technical expertise in threat hunting, deep‑divе malware analysis, and the operational application of threat intelligence within highly classified (TS/SCI and SAP) network enclaves.
• Demonstrated leadership and industry contribution, recognized as a subject matter expert within the defense or broader information security community for advancing incident response methodologies.
• Proven track record of excellence in guiding, mentoring, and directing mid‑level and senior information security professionals during active cyber operations and crisis response.
• Government/client service experience as a primary technical…