Cyber Security Operations Specialist Tier 3

ACTIVE TS/SCI SECURITY CLEARANCE REQUIRED**

This role is in anticipation of funded work. As a CSOC Tier 3 Cybersecurity Incident Responder, you will be at the forefront of cybersecurity operations, providing advanced support for containment, eradication, and recovery during incidents. Your expertise in malware analysis, digital forensics, and incident response will be key in ensuring our defenses remain strong and resilient.

This position offers you the chance to collaborate with a skilled team, engage in hands‑on technical work, and continuously improve response strategies through exercises and simulations. If you’re driven, detail‑oriented, and have a passion for cybersecurity, we want you on our team!

• Incident Response Leadership: Coordinate and execute tasks during cybersecurity incidents, including containment measures, IP/domain blocks, and disabling user accounts under Government direction.
• Collaborative Investigations: Work closely with the Security and Installations Directorate, Insider Threat Office, law enforcement, and counterintelligence personnel to triage and investigate incidents.
• Incident Reporting & Categorization: Produce detailed security incident reports, categorize events, and ensure proper reporting, containment, and eradication of incidents.
• Cross‑team Coordination: Ensure seamless coordination across contracts and organizations to de‑conflict blue/red team activities and ensure recovery from incidents.
• Documentation & Analysis: Develop timelines, briefings, and documentation to inform stakeholders about incident impacts and response actions. Keep detailed records of actions taken in authorized ticketing systems.
• Custom Tools & Scripting: Develop and execute custom scripts and tools to analyze data and respond to incidents, when authorized by the Government.
• Digital Media & Malware Analysis: Perform in‑depth analysis of host, server, and network data, including volatile and non‑volatile memory, system artifacts, and malware reverse engineering.
• Adversary Attribution & Signature Development: Identify indicators of compromise and develop signatures to share with cybersecurity stakeholders. Provide detailed adversary attribution to support incident response.
• Continuous Improvement: Collaborate with Tier 1 and 2 teams to remediate discrepancies and provide recommendations to prevent future incidents.

• Experience: A Bachelor's Degree or 8+ years of relevant cybersecurity experience, with a strong focus on incident response and digital forensics.
• Security Clearance: Active TS/SCI clearance with the ability to obtain a polygraph.
• Certifications: Must have or be able to obtain certifications as required by DoDD 8140.01 and DoD 8570.01‑M IAT Level II and CSSP Incident Responder within six months of start.
• Advanced Cybersecurity
  
  Skills:
  
  Expertise in malware analysis, digital forensics, and response to cybersecurity incidents, including host, server, and network data analysis.
• Technical Expertise: Proficiency in scripting and automation, with a focus on developing custom tools to enhance incident response capabilities.
• Strong Communication: Ability to work under pressure and clearly communicate complex technical details to both internal teams and external stakeholders.
• Collaboration & Coordination: Experience working as part of a team, coordinating efforts across multiple organizations and government agencies to ensure swift and effective incident response.
• Documentation & Reporting: Skilled at creating detailed incident reports, timelines, and recommendations, with a focus on clear, actionable insights.

• Advanced Degree: A Master's degree in Cybersecurity or a related field.
• Higher‑Level
  
  Certifications:
  
  IAT III certification or equivalent expertise in the cybersecurity field.

• Impactful Work: Play a key role in defending critical systems from advanced cyber threats and work on real‑world cybersecurity incidents.
• Collaborative Team: Work with top‑tier cybersecurity professionals and government agencies to…