Incident Response Specialist
Location: Hampton, VA / Wallops Island, VA
Travel: As needed to support NASA sites
Clearance: Active Secret clearance required; ability and willingness to obtain Top Secret
Citizenship: US Citizenship required
About Grimm
Grimm is an innovative, forward-looking cybersecurity organization focused on solving complex technical challenges across hardware, firmware, and software systems. Our teams specialize in reverse engineering, vulnerability research, and security engineering, supporting mission-critical efforts across national security, defense, and critical infrastructure sectors.
Our work is rooted in real-world operational experience identifying advanced threats, uncovering critical vulnerabilities, and developing meaningful solutions to complex problems. Grimm engineers operate across embedded systems, vehicles, IoT, and enterprise technologies, with a focus on understanding systems deeply and demonstrating real-world impact.
We are a highly technical and hands-on organization. Our engineers and researchers specialize in breaking systems, discovering vulnerabilities, and improving resilience—working directly with real hardware and software to understand how systems function and how they fail.
About the Role
Grimm is seeking Incident Response Specialists to support the NASA CyPRESS program and help defend NASA enterprise networks against global cyber threats.
In this role, you will provide full-spectrum support to NASA's Security Operations Center incident response mission, including incident identification, containment, eradication, recovery, investigation, analysis, reporting, and follow-up. You will support efforts to protect, detect, and respond to unauthorized activity affecting NASA information, information systems, and networks.
We're looking for individuals with strong incident response experience, sound technical judgment, and the ability to operate effectively in a mission-focused environment supporting NASA cybersecurity operations.
What You'll Do
- Support NASA Security Operations Center incident response activities across identification, containment, eradication, recovery, investigation, analysis, reporting, and follow-up
- Assist in coordinating responses to agency-wide or significant cybersecurity incidents
- Analyze cyber threat reporting, including SOC reports and DHS/CISA directives, and recommend appropriate actions
- Develop initial, final, and after-action incident reports, including root cause analysis and lessons learned
- Document incident response activities, technical details, reports, and incident status in NASA's authoritative incident management system
- Prepare reports, assessments, briefings, and recommendations related to cybersecurity incidents
- Recommend rules, policies, and logging requirements for incident detection and response tools
- Support weekly, monthly, quarterly, and annual incident response metrics and trend reporting
- Assist with requirements and configurations for incident management systems and other IR tools
- Support mitigation and correction of identified security deficiencies
- Support local NASA sites and, as needed, other NASA locations
Required Qualifications
- Active Secret clearance
- Ability and willingness to obtain Top Secret clearance
- US Citizenship
- Demonstrated understanding of cyberattacks and potential impacts against enterprise IT systems
- Experience supporting incident response, mitigation, and recovery efforts
- Experience with incident documentation, reporting, analysis, and coordination
- Ability to prepare and present technical reports, assessments, briefings, and recommendations
- Familiarity with cybersecurity incident response processes, procedures, and best practices
- One or more DoD 8570.01-M approved baseline certifications, such as Network+, CySA+, CISSP, GSEC, or similar
- Ability to work a standard Monday–Friday schedule with core business hours
Preferred / Nice to Have
- Experience supporting federal cybersecurity or Security Operations Center environments
- Experience supporting NASA or other federal civilian agency environments
- Familiarity with DHS/CISA Federal Incident Notification Guidelines
- Familiarity with NIST incident response guidance and federal cybersecurity reporting requirements
- Experience with Palantir
- Experience applying AI or automation to cybersecurity operations, incident response, analysis, or reporting
- Experience developing incident response metrics, trend analysis, and executive-level reporting
- Ability to support multiple NASA sites or travel as mission needs require
Benefits
Grimm offers a comprehensive benefits package that includes medical, dental, and vision coverage, life and disability insurance, retirement benefits, paid leave, and opportunities for tuition assistance and ongoing professional development.
Why Grimm
You'll be working alongside highly specialized engineers and researchers tackling challenging problems in embedded security and reverse engineering. Our work directly supports national security missions and requires a high level of technical ownership, creativity, and precision.
If you enjoy working hands-on with hardware, digging into complex systems, and pushing your technical skills further, you'll find this environment both challenging and rewarding.
Equal Opportunity Employer
Grimm is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable federal, state, or local laws.