Senior Incident Responder
Listed on 2026-06-26
IT/Tech
Cybersecurity, Systems Engineer
Job Title: Senior Incident Responder
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Local
CACI is seeking a skilled and experienced Incident Responder (Level 3) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will have a robust background in Computer Network Defense (CND), incident management, and cybersecurity operations. This role requires a proactive individual with significant experience in monitoring, investigating, and responding to cybersecurity alerts, as well as developing and implementing defense tactics, techniques, and procedures (TTPs).
- Incident Response: Monitor and investigate alerts from cybersecurity tools. Respond to and mitigate cybersecurity incidents and breaches following established incident management lifecycle processes.
- Threat Analysis: Identify and classify attack vectors, analyze malware, and develop countermeasures. Utilize network traffic packet captures and analysis methodologies.
- Tool Utilization: Operate Network Intrusion Detection/Prevention Systems (NIDPS) such as Cisco Firepower, Palo Alto NGFW, and host-based systems like Trellix ePO, Microsoft Defender, and Tanium. Manage Security Information and Event Management (SIEM) systems such as Splunk and Elastic.
- Documentation and Reporting: Write detailed reports, create best practices manuals, and develop standard operating procedures. Document incident response activities and findings.
- Penetration Testing: Conduct penetration testing and Red Teaming exercises using tools such as Kali, SamuraiWTF, Nmap, Burp Suite, sqlmap, and Metasploit.
- Scripting and Coding: Develop scripts and tools using languages such as Python, Perl, Ruby, JavaScript, PowerShell, and others as needed for incident response and automation.
- Collaboration: Work closely with other cybersecurity teams, IT staff, and stakeholders to ensure a cohesive defense strategy. Provide briefings and presentations as required.
- Continuous Improvement: Stay updated on the latest cybersecurity threats, trends, and technologies. Implement improvements to existing security posture and incident response processes.
Required:
- TS/SCI Security Clearance
- BA/BS in Computer Science, Information Technology, Information Assurance, or a related field. Master’s degree preferred. Alternatively, 15+ years of relevant professional experience in lieu of a degree.
- Minimum of 10 years of concentrated experience in CND.
- 5+ years of professional experience in monitoring and investigating cybersecurity alerts.
- Significant experience with Federal, DoD, IC, and industry standards.
- Strong interpersonal, organizational, time management, writing/documentation, and briefing skills.
- Excellent analytical, conceptual, and problem-solving skills.
- Proven ability to communicate effectively and develop/present presentations.
- Experience in developing and implementing CND TTPs.
- Knowledge of network security architecture, including topology, protocols, and components.
- Familiarity with common adversary TTPs and enterprise services (domain controllers, print, email, DNS, web servers).
- Experience with network traffic analysis tools like Wireshark or NIKSUN.
- Proficiency in scripting and coding languages (Python, Perl, Ruby, JavaScript, PowerShell, C, C++, Java, PHP, AJAX).
- Certifications: Must possess one of the industry certifications listed under CSSP Incident Responder per the requirements of the DoD Cyber Security Workforce Improvement Program, DoD 8570.01-M.
A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers – every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning…