Incident Response Analyst

Cyber Synergy Consulting Group

Washington, DC (remote)


Incident Response Analyst (Task 4 – Federal Cybersecurity Contract)

Location: Remote with occasional on-site (Washington, D.C. Metro Area)

Employment Type: Full-Time

Clearance: Public Trust (or eligibility to obtain)

We are seeking an experienced Incident Response Analyst to support Task 4 – Incident Response Management on a federal cybersecurity services contract. This role provides front-line security event triage, investigation, reporting, and coordination across multiple federal cybersecurity teams.

The ideal candidate has hands-on experience with enterprise IR tooling (CrowdStrike, FireEye/Trellix, Splunk, NetWitness, and Magnet AXIOM) and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB).


Key Responsibilities

  • Perform initial triage of security events from SIEM, EDR, NDR, and log sources, including CrowdStrike, FireEye/Trellix, Splunk, NetWitness, and related platforms.

  • Conduct incident investigations, including host and network forensics, log analysis, and evidence review using tools such as NetWitness and AXIOM.

  • Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions.

  • Provide daily updates, SITREPs, and written documentation of incident status, investigative steps, and remediation recommendations.

  • Develop incident dashboards and knowledge base documentation within Splunk and other IR platforms.

  • Support containment, eradication, and recovery efforts aligned to federal IR procedures.

  • Participate in tabletop exercises, readiness assessments, and operational continuity testing.

  • Monitor and manage the Incident Response Team (IRT) mailbox; escalate urgent items within required SLAs.

  • Assist with audit support, evidence gathering, and post-incident reviews.

  • Contribute to continuous improvement of incident response processes and playbooks.


Required Qualifications

  • 2–5+ years of experience in cybersecurity operations, SOC analysis, or incident response.

  • Direct hands-on experience with IR tools, including:

    • CrowdStrike Falcon (EDR)

    • FireEye/Trellix (HX, Helix, or equivalent)

    • Splunk (SIEM, dashboards, search queries)

    • NetWitness (network forensics, packet analysis)

    • Magnet AXIOM (host forensics)

  • Strong understanding of adversary techniques, malware behavior, incident timelines, and forensic artifacts.

  • Familiarity with NIST 800-61, NIST 800-53, FISMA, OMB guidance.

  • Ability to clearly document investigations and communicate findings to technical and non-technical audiences.

  • Eligibility to obtain and maintain a Public Trust clearance.


Preferred Qualifications

  • Experience supporting federal agencies (HHS, DHS, DoD, DOJ, etc.).

  • Certifications such as Security+, CySA+, CEH, GCIH, GCIA, CHFI, or related.

  • Experience performing threat hunting across EDR, SIEM, and NDR tools.

  • Familiarity with packet analysis tools (Wireshark) and scripting languages (Python, PowerShell).

  • Experience with ServiceNow or similar ticketing platforms.


Work Schedule & Expectations

  • Core hours: 7:00 AM – 5:00 PM EST, Monday through Friday, with the flexibility to support after-hours incidents as needed.

  • Participation in on-call rotations may be required.

  • Remote work permitted with reliable connectivity and camera-enabled participation.
