×
Register Here to Apply for Jobs or Post Jobs. X

Senior Cyber Defense Analyst, Incident Responder

Job in Huntsville, Madison County, Alabama, 35824, USA
Listing for: Jobtailor
Full Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity, Security Management & Operations, Information Security
Salary/Wage Range or Industry Benchmark: 120000 - 180000 USD Yearly USD 120000.00 180000.00 YEAR
Job Description & How to Apply Below

Responsibilities

  • Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst.
  • Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM).
  • Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.
  • Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B.
  • Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting.
  • Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody.
  • Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture.
  • Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior and Mid Cyber Defense Analyst and Cyber Defense Incident Responders.
  • Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation.
  • Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/signatures to detect known attack patterns and make recommendations for improvements.
  • Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets.
  • Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment.
  • Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs.
  • Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines.
  • Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations.
Requirements
  • Must have 6, or more, years of combined experience performing the full life-cycle of incident response and enterprise-level monitoring and analysis of events.
  • Must have 2, or more, years of experience in management or leadership in a team environment.
  • Must possess one of the following certifications: CBROPS, CFR, CySA+, GCFA, GCIA, GICSP.
  • Must have an active DoW Top Secret with SCI Eligibility.
  • Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field.
  • Possess one or more of the following advanced cybersecurity certifications:
    Offensive Security: OSCP, PNPT, GPEN;
    Forensics/Incident Response: GCFA, GCFE, GCIH, EC-Council Certified Hacking Forensic Investigator (CHFI);
    Threat Hunting/Analysis: GIAC Certified Cyber Threat Intelligence (GCTI).
  • Have an active DoD Top Secret clearance.
  • Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, Linux).
  • Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc.
  • Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred).
  • Have experience analyzing network and host-based threats (ESS preferred).
  • Be able to mentor and train personnel in an evolving, high‑paced environment.
  • Be familiar with DoD Security Operations Centers (SOC).
  • Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures.
  • Have demonstrable experience in offensive security operations, such as penetration testing, red teaming, or exploit development.
  • Have experience with advanced digital forensics, including host-based and memory analysis.
  • Be proficient in scripting and data analysis with languages such as Python, Power Shell, Bash, or KQL to automate tasks and parse large datasets.
  • Be familiar with the intelligence cycle and its application to cybersecurity operations.
  • Have experience with hunt‑centric security platforms, including industry‑standard Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) tools.
  • Be familiar with the application of Artificial Intelligence (AI) and Large Language Models (LLMs) in cybersecurity, including the ability to leverage AI‑driven security tools and critically assess their output.
#J-18808-Ljbffr
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary