Incident Response Analyst (Task 4 – Federal Cybersecurity Contract)
Location: Remote with occasional on-site (Washington, D.C. Metro Area)
Employment Type: Full-Time
Clearance: Public Trust (or eligibility to obtain)
We are seeking an experienced Incident Response Analyst to support Task 4 – Incident Response Management on a federal cybersecurity services contract. This role provides front-line security event triage, investigation, reporting, and coordination across multiple federal cybersecurity teams.
The ideal candidate has hands-on experience with enterprise IR tooling-CrowdStrike, FireEye (Trellix), Splunk, NetWitness, and Magnet AXIOM-and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB).
Key Responsibilities
• Perform initial triage of security events from SIEM, EDR, NDR, and log sources, including CrowdStrike, FireEye/Trellix, Splunk, NetWitness, and related platforms.
• Conduct incident investigations, including host and network forensics, log analysis, and evidence review using tools such as NetWitness and AXIOM.
• Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions.
• Provide daily updates, SITREPs, and written documentation of incident status, investigative steps, and remediation recommendations.
• Develop incident dashboards and knowledge base documentation within Splunk and other IR platforms.
• Support containment, eradication, and recovery efforts aligned to federal IR procedures.
• Participate in tabletop exercises, readiness assessments, and operational continuity testing.
• Monitor and manage the Incident Response Team (IRT) mailbox; escalate urgent items within required SLAs.
• Assist with audit support, evidence gathering, and post-incident reviews.
• Contribute to continuous improvement of incident response processes and playbooks.
Required Qualifications
• 2–5+ years of experience in cybersecurity operations, SOC analysis, or incident response.
• Direct hands-on experience with IR tools, including:
• *
CrowdStrike Falcon (EDR)
• FireEye/Trellix (HX, Helix, or equivalent)
• Splunk (SIEM, dashboards, search queries)
• NetWitness (network forensics, packet analysis)
• Magnet AXIOM (host forensics)
• Strong understanding of adversary techniques, malware behavior, incident timelines, and forensic artifacts.
• Familiarity with NIST 800-61, NIST 800-53, FISMA, OMB guidance.
• Ability to clearly document investigations and communicate findings to technical and non-technical audiences.
• Eligibility to obtain and maintain a Public Trust clearance.
Preferred Qualifications
• Experience supporting federal agencies (HHS, DHS, DoD, DOJ, etc.).
• Certifications such as Security+, CySA+, CEH, GCIH, GCIA, CHFI, or related.
• Experience performing threat hunting across EDR, SIEM, and NDR tools.
• Familiarity with packet analysis tools (Wireshark) and scripting languages (Python, PowerShell).
• Experience with ServiceNow or similar ticketing platforms
Work ScheduleExpectations
• Core hours: 7:00 AM – 5:00 PM EST, Monday through Friday, with the flexibility to support after-hours incidents as needed.
• Participation in on-call rotations may be required.
• Remote work permitted with reliable connectivity and camera-enabled participation.