Incident Responder, Journeyman

About The Role

We are seeking a highly skilled and innovative Incident Responder to join our team in the greater DMV area, supporting the Army National Guard.

• Triage alerts, analyze SIEM, EDR, network telemetry, and application logs to identify indicators of compromise and suspected security incidents.
• Execute containment actions per playbooks: isolate hosts, disable accounts, block network traffic, and implement temporary mitigations.
• Collect, preserve, and document forensic artifacts, system logs, and evidence for escalation and deeper analysis.
• Investigate incidents: perform root‑cause analysis, validate detections, and track remediation progress through case records.
• Coordinate response activities with SOC analysts, CIRT teams, network operations, cybersecurity engineers, and stakeholders.
• Validate remediation steps, retest affected systems, and confirm eradication of threats prior to closure.
• Maintain incident timelines, produce technical updates and incident summaries, and support after‑action reviews.
• Identify recurring patterns, visibility gaps, and detection shortfalls; recommend improvements to monitoring and detection coverage.
• Contribute to playbook refinement, evidence‑collection procedures, and adoption of new response techniques and tooling.

• 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
• Clearance:
  Active TS/SCI clearance.
• Candidate must meet ONE of the following:
  • Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering;
  • Relevant DoD/military training (examples: A‑531‑0451;
    Cyber Defense Incident Responder (Intermediate) Playlist);
  • Relevant professional certification or equivalent experience (examples: CEH(P), ECIH, GRID, RCCE Level 1, CBROPS, CCSP, CEH, Cloud+, FITSP‑O, GCED, GCIH, GSEC, Pen Test+, Security+).
• Required experience and skills:
  • Incident response, SOC analyst, or cybersecurity operations experience.
  • Hands‑on experience with EDR, SIEM, packet/network analysis, log forensics, and incident case management workflows.
  • Ability to perform containment actions, forensic collection, evidence handling, and root‑cause analysis per established procedures.
  • Familiarity with RMF/ATO evidence practices, chain‑of‑custody, and documentation for audits.
  • Strong written communication for incident notes, timelines, technical reports, and briefing support.
• Desired:
  • Prior DoD/ARNG or classified‑environment incident response experience.
  • Experience with SOAR playbooks, forensic tools (memory/disk analysis), and scripting for automation (Python, Power Shell).
  • Familiarity with threat‑hunting methodologies, MITRE ATT&CK mapping, and integration with detection engineering workflows.

Target Salary Range: $66,000 - $106,000.

Benefits include medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at

Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.