396 Incident Response jobs in Washington
Security Incident Response Analyst
Posted 19 days ago
Job Description
Job Title: Security Incident Response Analyst
Location: Reston, VA (TechSur HQ Office)
Salary: DOE + full benefits
Clearance: Active Public Trust (or ability to obtain)
Company Overview:
TechSur Solutions is a digital services company whose mission is to enable digital transformation for our customers, improving quality and efficiency. Based in the DC metropolitan area, TechSur specializes in advanced cloud services, modernization of both IT infrastructure and applications, Agile development, and data analytics. Since we were formed in August 2016, we have supported multiple impactful and exciting government programs.
Job Overview
We are seeking a highly motivated Security Incident Response Analyst to monitor, analyze, and respond to cybersecurity incidents. The ideal candidate will work to detect, investigate, and contain security threats. This role involves real-time monitoring, forensic analysis, and collaboration with IT teams to strengthen the organization's cybersecurity posture.
Job Responsibilities
• Continuously monitor security alerts from SIEM (Security Information and Event Management) tools (Splunk, QRadar, ArcSight, etc.).
• Analyze logs from firewalls, IDS/IPS, endpoint security tools, and cloud security platforms.
• Detect, investigate, and escalate security incidents in real time.
• Analyze security threats, contain compromised assets, and initiate response actions.
• Conduct digital forensics and malware analysis to determine root causes.
• Work closely with IT teams to implement remediation measures, such as patching, access controls, and security hardening.
• Develop incident playbooks and response plans for various attack scenarios.
• Document security incidents, investigation steps, and remediation actions.
• Provide detailed incident reports and root cause analysis for leadership.
• Conduct post-incident reviews to identify security gaps and improve response strategies.
Required Skills/Work Experience
• 8+ years of experience
• Design, develop, engineer, and implement solutions to MLS requirements.
• Perform complex risk analyses which also include risk assessment.
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Support customers at the highest levels in the development and implementation of doctrine and policies.
• Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
• Perform analysis, design, and development of security features for system architectures.
Education
• Bachelor's degree in computer science, information science, or related field
Security Incident Response
Posted 22 days ago
Job Description
Alternate Locations: Work from Home
Work Arrangement:
Remote : Work at home employee
Relocation assistance: is not available for this opportunity.
Requisition #: 74030
The Role at a Glance
This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.
What you'll be doing
- Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.
- Document incidents from initial detection through final resolution.
- Perform incident response functions, including but not limited to host-based analysis through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.
- Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.
- Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents.
- Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
- Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.
- Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.
- Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.
What we're looking for
- 3 - 5+ years' experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or open-source DFIR tools (e.g. Kape, Plaso Log2Timeline, Autopsy, etc.)
- 3 - 5+ years' information security related experience, in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.
- 4 Year/Bachelor's degree or equivalent work experience
#DICE
What's it like to work here?
At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.
What's in it for you:
- Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes
- Leadership development and virtual training opportunities
- PTO/parental leave
- Competitive 401K and employee benefits
- Free financial counseling, health coaching and employee assistance program
- Tuition assistance program
- Work arrangements that work for you
- Effective productivity/technology tools and training
The pay range for this position is $75,701 - $140,700 with anticipated pay for new hires between the minimum and midpoint of the range and could vary above and below the listed range as permitted by applicable law. Pay is based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln's total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln's standard benefits package.
About The Company
Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, life insurance, group protection, and retirement plan services.
With our 120-year track record of expertise and integrity, millions of customers trust our solutions and service to help put their goals in reach.
Lincoln Financial Distributors, a broker-dealer, is the wholesale distribution organization of Lincoln Financial. Lincoln Financial is the marketing name for Lincoln Financial Corporation and its affiliates including The Lincoln National Life Insurance Company, Fort Wayne, IN, and Lincoln Life & Annuity Company of New York, Syracuse, NY. Lincoln Financial affiliates, their distributors, and their respective employees, representatives and/or insurance agents do not provide tax, accounting or legal advice.
Lincoln is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Follow us on Facebook, X, LinkedIn, Instagram, and YouTube. For the latest company news, visit our newsroom.
Be Aware of Fraudulent Recruiting Activities
If you are interested in a career at Lincoln, we encourage you to review our current openings and apply on our website. Lincoln values the privacy and security of every applicant and urges all applicants to diligently protect their sensitive personal information from scams targeting job seekers. These scams can take many forms including fake employment applications, bogus interviews and falsified offer letters.
Lincoln will not ask applicants to provide their social security numbers, date of birth, bank account information or other sensitive information in job applications. Additionally, our recruiters do not communicate with applicants through free e-mail accounts (Gmail, Yahoo, Hotmail) or conduct interviews utilizing video chat rooms. We will never ask applicants to provide payment during the hiring process or extend an offer without conducting a phone, live video or in-person interview. Please contact Lincoln's fraud team at if you encounter a recruiter or see a job opportunity that seems suspicious.
Additional Information
This position may be subject to Lincoln's Political Contribution Policy. An offer of employment may be contingent upon disclosing to Lincoln the details of certain political contributions. Lincoln may decline to extend an offer or terminate employment for this role if it determines political contributions made could have an adverse impact on Lincoln's current or future business interests, misrepresentations were made, or for failure to fully disclose applicable political contributions and or fundraising activities.
Any unsolicited resumes or candidate profiles submitted through our web site or to personal e-mail accounts of employees of Lincoln Financial are considered property of Lincoln Financial and are not subject to payment of agency fees.
Lincoln Financial is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, Veteran status, or genetic information. Applicants are evaluated on the basis of job qualifications. If you are a person with a disability that impedes your ability to express your interest for a position through our online application process, or require TTY/TDD assistance, contact us by calling .
This Employer Participates in E-Verify. See the E-Verify notices.
Lincoln Financial Group ("LFG") is an Equal Opportunity employer and, as such, is committed in policy and practice to recruit, hire, compensate, train and promote, in all job classifications, without regard to race, color, religion, sex (including pregnancy), age, national origin, disability, sexual orientation, gender identity and expression, veterans status, or genetic information. Opportunities throughout LFG are available to employees and applicants and are evaluated on the basis of job qualifications. We have a drug free work environment and we perform pre-employment substance abuse testing.
Senior Information Security Analyst (Incident Response)
Posted 22 days ago
Job Description
This is a remote role that may be hired in several markets across the United States.
As a Senior Incident Response Analyst, you'll be a member of the bank's Cyber Incident Response team. We are looking for an experienced senior-level analyst with proven skillsets to detect and respond to threats in the environment, interact with business stakeholders and work to restore operations. This is a technical role and will support the Threat Hunting, Intelligence, and Monitoring functions with content creation, threat analysis, detection recommendations, and colleague mentoring. We are seeking a candidate with strong communication skills to complement their technical skillset, with the ability to distill complex issues for broader understanding and expedited incident management.
Responsibilities
- Incident Analyst/Handler - Investigate SIEM/SOAR events as necessary; bring experience in malware analysis and network/endpoint security to respond to and contain incidents.
- Incident Responder/Incident Lead - Lead Incidents, coordinating the investigation, mitigation, and remediation from a technical perspective. Liaise with technical and business stakeholders.
- Incident Management - Ensures Information Security incidents are properly detected, documented, investigated, and resolved.
- Content Development - Support the creation of countermeasures and mitigations in response to an incident.
- Threat Hunting - Support the operationally driven inputs (e.g. on the heels of an incident or event) into threat hunting and help build countermeasures/mitigations to address commodity and targeted threats. Also build a capability to track evolving threat actor techniques.
- Post Incident Review - Provide recommendations to improve communication, processes, procedures, and mitigation options based on high severity incidents.
Qualifications
Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security
- Experience with all aspects of Incident response including stakeholder management.
- Familiarity with MITRE ATT&CK and its application to countermeasure creation is a plus.
- Support the build out of a proactive threat hunting capability.
- Experience analyzing/dispositioning and escalating security events (systems, application, network, authentication email events)
- Experience translating threat actor techniques to building mitigations across a variety of security technologies. This could take the form of Yara, Sigma or Regular Expressions.
- Ability to define security requirements and drive project deliverables.
- Ability to keep track of multiple incidents and ensure responses are provided in a timely fashion.
- Experience responding to cloud-related incidents in Azure, AWS and Google cloud.
- Cloud administrative experience preferred.
- Cyber Incident Response experience - 3+ years required in which your primary job was an Incident Response role.
- This role requires participation in the afterhours on call rotation. Rotations will cycle on a weekly basis.
The base pay for this position is generally between $140,000 and $188,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.
This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants.
Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at
Incident Response Analyst
Posted 4 days ago
Job Description
Incident Response Analyst
Remote Only
Contract
$40/hr - $60/hr
We are seeking a highly skilled Cybersecurity Incident Response Analyst with expertise in threat detection, incident handling, and operational security. The ideal candidate will have a proven track record as part of an incident response team, with the ability to integrate artificial intelligence and machine learning into security operations workflows to enhance detection, automation, and response capabilities.
Key Responsibilities:
- Serve as a core member of the Incident Response (IR) team, performing cybersecurity analysis, incident detection, investigation, containment, eradication, and recovery.
- Conduct root cause analysis, identify attack vectors, and develop recommendations to prevent recurrence.
- Develop and maintain incident response playbooks and standard operating procedures.
- Integrate AI/ML solutions into Security Operations Center (SOC) workflows to improve threat hunting, anomaly detection, and automated triage.
- Utilize and optimize security tools including Splunk, SentinelOne, Armis, and SNA for log analysis, endpoint detection, network monitoring, and asset visibility.
- Collaborate with SOC engineers, threat hunters, and vulnerability management teams to ensure seamless security operations.
- Provide after-action reports, threat intelligence integration, and executive briefings on incident trends.
- Stay current with evolving cyber threats, AI/ML advancements in security, and emerging incident response methodologies.
Required Qualifications:
- A minimum of eight (8) to twelve (12) years' relevant experience.
- A degree from an accredited College/University in the applicable field of services is required. If the individual's degree is not in the applicable field, then four additional years of related experience is required.
- Solid understanding of cybersecurity principles, attack vectors, malware analysis, network forensics, and digital evidence handling.
- Proven work history in incident response roles.
- Hands-on experience with SIEM, EDR, and network security platforms (Splunk, SentinelOne, Armis, SNA).
- Strong knowledge of AI/ML applications in security operations, including model selection, tuning, and integration into existing workflows.
- Familiarity with the MITRE ATT&CK framework, threat hunting techniques, and cyber kill chain concepts.
- Ability to work under pressure during active incidents and prioritize effectively in high-stress environments.
- Excellent communication skills for both technical and executive-level audiences.
Preferred Qualifications:
- Industry certifications such as GCIA, GCFA, GCIH, GNFA, or equivalent.
- Experience scripting or automating security processes (Python, PowerShell, etc.).
- Prior federal or government contracting experience.
You will receive the following benefits:
- Medical Insurance - Four medical plans to choose from for you and your family
- Dental & Orthodontia Benefits
- Vision Benefits
- Health Savings Account (HSA)
- Health and Dependent Care Flexible Spending Accounts
- Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance
- Hospital Indemnity Insurance
- 401(k) including match with pre and post-tax options
- Paid Sick Time Leave
- Legal and Identity Protection Plans
- Pre-tax Commuter Benefit
- 529 College Saver Plan
TG Federal is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.
Category:
- Cybersecurity & Privacy
Incident Response Operator
Posted 22 days ago
Job Description
GovStaff is seeking a Top Secret cleared Tier II Incident Response Analyst. Shift 1, M-F, 6am to 2:30pm. Hybrid role with expectations of working onsite most days of the week. Site location is in the NoMa area of Washington, DC, 20002 at 2CON Square. Excellent company sponsored benefits program, and an opportunity to establish stability and grow your cyber security career under a company sponsored training reimbursement program.
Offering a very competitive salary of $75,000 to $5,000/yr and excellent benefits, including fully paid coverage for Medical, Dental, Vision, and Life Insurance, Supplemental Insurance, 401K with a company match, Flexible Time Off (PTO/Holidays), and even a Higher Education/Training Reimbursement.
The selected candidate will be responsible for monitoring enterprise networks and systems, detecting events, and reporting on all threats that are directed against those systems regardless of their classification level or type.
The Incident Response Analyst will provide the client with a fully comprehensive array of analytical activities in support of external threat monitoring, detection, event analysis, and incident reporting efforts including presentation reviews, internal and external threat reporting, analysis of inbound and outbound public internet traffic, suspicious e-mail messages, administering access request to specific public sites, communicating and coordinating the characterization of events and the response. Typically, the client's sensor grid acquires millions of events per day and events are analyzed and categorized in accordance with the Cyber Security Incident Response Plan.
POSITION RESPONSIBILITIES:
- Provides support for complex computer network exploitation and defense techniques to include deterring, identifying, and investigating computer and network intrusions; providing incident response and remediation support;
- Performing comprehensive computer surveillance/monitoring, identifying vulnerabilities; developing secure network designs and protection strategies, and audits of information security infrastructure.
- Provides technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and, network decoy and deception operations in support of computer intrusion defense operations.
- Provides technical support for forensics services to include evidence seizure, computer forensic analysis, and data recovery, in support of computer crime investigation.
- Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures, and trends.
- Performs research into emerging threat sources and develops threat profiles.
- Provides technical support for a comprehensive risk management program identifying mission-critical processes and systems; current and projected threats; and system vulnerabilities.
- Active Top Secret with SCI eligibility required*
- Be able to commute onsite and support Shift 1, Monday through Friday 6 AM - 2:30 PM EST
- Minimum of four (4) years of general work experience and three (3) years of relevant experience in functional responsibility
- Bachelor's Degree, or an equivalent combination of formal education, experience
- Experience in the following tools and technologies:
- BRO IDS
- Splunk SIEM
- RSA Netwitness
- FireEye
- Sourcefire (Snort)
- CrowdStrike EDR
- Fidelis XPS
- Strong analytical and organizational skills
- Strong verbal and written communication skills
- Experience with MS Word and other MS Office Applications
- Experience with securing various environments preferred
- Experience working a SOC and doing incident response is preferred
- Experience and education preferred in eCPPT, OSCP, GCFW, GCIH, other relevant IT security certifications, or advanced vendor certifications such as Splunk Certified Architect or SourceFire Certified Administrator; Security+, GSEC, or other relevant IT security product certifications such as Tenable Certified Nessus Auditor, or SnortCP; CISSP, CISM, or ISO 27001
SIMILAR OPENINGS FOR THE FOLLOWING:
• Part Time, Tier II, Incident Response, Weekend Night Shift, 10pm - 10am. Top Secret Clearance with TS/SCI eligibility required. The role will be an ad hoc shift on either or both Friday and Saturday evening / morning, with expected hours ranging from 24 - 96 per month. Onsite in Washington, DC. Pay is W2 hourly, $3 /hr to 45/hr for hours worked. No benefits included for this part time role.
If you feel either of these openings may meet your experience and interests, please apply to initiate a dialog in confidence. If this position does not meet your interests or the requirements, we'll gladly hang onto your profile in the event another position opens that could be a fit. GovStaff, and all our business partners, adhere to all EEOC regulations.
At GovStaff, we operate in strict confidence: we do not share resumes, names, or applications outside of GovStaff unless given express consent by each candidate. We welcome all cleared professionals to our GovStaff Network of candidates seeking new job opportunities, or those simply wishing to become part of our Network of government support professionals.
Incident Response Analyst
Posted today
Job Description
Tyto Athene is searching for an **Incident Response Analyst** to support our law enforcement customer in Washington, DC.
**Responsibilities:**
The contractor shall provide cyber situational awareness and threat monitoring services. Monitoring, event detection, and reporting of threats are conducted for the DOJ's enterprise networks and systems that operate at different classification levels (i.e., Controlled Unclassified Information). Monitoring and event detection are conducted using government-furnished capabilities. The contractor shall provide User Activity Monitoring (UAM) support to improve, expand, operate, and maintain the products used to implement the Insider Threat Prevention and Detection Program. Services are needed to integrate new data sources, deploy triggers, and create customized functionality (such as visualizations, helpers, and exports) to support existing and future analytical processes and workflows.
+ The contractor shall analyze threats against the environment
+ The contractor shall develop and implement a metrics-based method of providing situational awareness
+ The contractor shall provide a minimum of two (2) security analysts on site 24x7 to meet the DHS TIC SOC requirements. Additional personnel will be required to meet the full requirements of this Call.
+ The contractor shall provide cyber situational awareness and monitoring of threat events
+ The contractor shall operate systems that support tracking, event monitoring, correlation, aggregation, and indexing of data from the Internet. The capability shall assist trend and pattern analysis, and visualization of existing/known and emerging/zero-day threats
+ The contractor shall assist organizations with their:
  + Predictive analysis of data, supporting production of proactive recommendations and mitigations against various kinds of threats
  + Understanding of and swift reaction to real-time and developing threats which manifest themselves in both the 'real-world' and virtual domains
  + Correlation of internal and external data to discover the true nature of an organization, person or location's threat profile
+ The contractor shall provide surge support (i.e. event monitoring and analyst augmentation), complex analysis, and training as required
+ The contractor shall create complex correlation rules and/or triggers in the Enterprise Security Incident Event Management (SIEM) system(s). These rules shall be based on correlations made from multiple log sources.
+ Contractor shall develop and maintain metrics for JSOC management that assist in the overall view of cyber security within the Department. Examples of metrics include: Type of incidents by components, both by US-CERT/NIST category and by type (e.g. Spear Phish, Watering Hole, Crimeware, etc.), User activity, Requests per component, Component time to respond
+ Contract staff shall run the Daily Indicator Report (see Cyber Threat Intelligence section) through JSOC tools to identify DOJ systems that are shown contacting IPs in the report or exhibiting indicators of compromise (IOCs) (i.e. registry keys, processes, file hashes, etc.)
+ Contractor staff shall develop and document change requests to improve the efficiency and effectiveness of DOJ capabilities to detect, analyze and report events and incidents. Change requests shall be documented and coordinated using JSOC procedures for documenting and approving changes to Standard Operating Procedures as well as related JSOC change request processes, procedures, and capability
+ Contractor staff shall use reviews of analysis of events and incidents, change request status, and reviews of operations, standard operating procedures, and problem reports to update risk management efforts and to prepare weekly reports and Program Management Review presentations and reports
+ Engage appropriate stakeholders (information owners, data governance teams, information security risk managers, etc.) in order to identify and determine a proper solution to protect sensitive DOJ information
+ Engage with product vendor technical and executive colleagues to help resolve trouble tickets for the DOJ
+ Have the proper reach back protocols with product vendor established for critical incident resolutions
+ Engage with product vendor product enhancement teams to ensure all DOJ requirements are being tracked and scheduled for implementation
+ Provide expert technical insight into the code, features, and modules of the vendor product agents in order to better enhance the implementation at DOJ
+ Define, advance and drive implementation of UAM to support DOJ's strategic direction
+ Participate in quality assurance activities supporting the UAM indicator/trigger creation process
+ Maintain documentation of any work within the UAM
+ Develop UAM training presentations for various audiences, including product specific material
+ Train business partners, new staff and other key stakeholders as needed
+ Generate UAM reports for incident resolution or investigative support
+ Analyze UAM event information for policy and scanning recommendations to support the overall success of the Program
+ Engage with IT Risk Management, Security Assurance, Security Operations, Data Protection and DLP Program teams to establish accurate reporting and metric requirements
+ Develop and provide status reports to various stakeholders concerning UAM projects or performance
Additionally, support is needed to monitor, maintain, and troubleshoot the existing platform to ensure consistent performance and stability. Support activities shall include but are not limited to the following:
+ Network
+ IT platform
+ IT service logs (from Operating System to Application layers)
+ DOJ and DOJ Security Incident reports
+ DOJ IT service and problem reports routed to JSOC
+ Host based security agents
+ Cloud Based Systems
**Qualifications**
**Clearance:** Secret Clearance required
**Location:** This position is fully remote
**Compensation:**
+ Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
**Benefits:**
+ Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.
**About Tyto Athene**
Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains (Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT), empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.
At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?
Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, (sexual orientation, gender identity,) national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.
_US-VA-Falls Church_
**ID** _2025-1415_
**Category** _Cybersecurity_
**Position Type** _Full-Time_
Incident Response Analyst
Posted 5 days ago
Job Description
**Remote Only**
Contract
$40/hr - $60/hr
We are seeking a highly skilled Cybersecurity Incident Response Analyst with expertise in threat detection, incident handling, and operational security. The ideal candidate will have a proven track record as part of an incident response team, with the ability to integrate artificial intelligence and machine learning into security operations workflows to enhance detection, automation, and response capabilities.
**Key Responsibilities:**
+ Serve as a core member of the Incident Response (IR) team, performing cybersecurity analysis, incident detection, investigation, containment, eradication, and recovery.
+ Conduct root cause analysis, identify attack vectors, and develop recommendations to prevent recurrence.
+ Develop and maintain incident response playbooks and standard operating procedures.
+ Integrate AI/ML solutions into Security Operations Center (SOC) workflows to improve threat hunting, anomaly detection, and automated triage.
+ Utilize and optimize security tools including **Splunk**, **SentinelOne**, **Armis**, and **SNA** for log analysis, endpoint detection, network monitoring, and asset visibility.
+ Collaborate with SOC engineers, threat hunters, and vulnerability management teams to ensure seamless security operations.
+ Provide after-action reports, threat intelligence integration, and executive briefings on incident trends.
+ Stay current with evolving cyber threats, AI/ML advancements in security, and emerging incident response methodologies.
**Required Qualifications:**
+ A minimum of eight (8) to twelve (12) years' relevant experience.
+ A degree from an accredited college/university in the applicable field of services is required. If the individual's degree is not in the applicable field, then four additional years of related experience are required.
+ Solid understanding of cybersecurity principles, attack vectors, malware analysis, network forensics, and digital evidence handling.
+ Proven work history in incident response roles.
+ Hands-on experience with SIEM, EDR, and network security platforms (Splunk, SentinelOne, Armis, SNA).
+ Strong knowledge of AI/ML applications in security operations, including model selection, tuning, and integration into existing workflows.
+ Familiarity with MITRE ATT&CK framework, threat hunting techniques, and cyber kill chain concepts.
+ Ability to work under pressure during active incidents and prioritize effectively in high-stress environments.
+ Excellent communication skills for both technical and executive-level audiences.
**Preferred Qualifications:**
+ Industry certifications such as GCIA, GCFA, GCIH, GNFA, or equivalent.
+ Experience scripting or automating security processes (Python, PowerShell, etc.).
+ Prior federal or government contracting experience.
**You will receive the following benefits:**
+ Medical Insurance - Four medical plans to choose from for you and your family
+ Dental & Orthodontia Benefits
+ Vision Benefits
+ Health Savings Account (HSA)
+ Health and Dependent Care Flexible Spending Accounts
+ Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance
+ Hospital Indemnity Insurance
+ 401(k) including match with pre and post-tax options
+ Paid Sick Time Leave
+ Legal and Identity Protection Plans
+ Pre-tax Commuter Benefit
+ 529 College Saver Plan
TG Federal is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.
**Category:**
+ Cybersecurity & Privacy
Incident Response Lead
Posted 15 days ago
Job Description
Leidos is seeking an Incident Response Lead to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.
Primary Responsibilities
+ In-depth knowledge of each phase of the Incident Response life cycle
+ Expertise in Operating Systems (Windows/Linux) operations and artifacts
+ Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.)
+ Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
+ Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies
+ Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
+ Promote and drive implementation of automation and process efficiencies
+ Familiarity with Cyber Kill Chain and ATT&CK Framework and how to leverage in Security Operations
+ Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products
+ Establish trust and business relationships with customer and other relevant stakeholders
+ Bachelor's Degree and 8-12 years of experience in a technical discipline.
+ 4+ years of supervising and/or managing teams
+ 5+ years of intrusion detection and/or incident handling experience
+ CISSP and SANS GCIH or GCIA required upon start
+ Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise
+ Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operation
+ Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations.
+ Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
+ Strong analytical and troubleshooting skills.
+ Must be a US Citizen.
+ Must hold active TS/SCI security clearance to be considered
Preferred Qualifications
+ Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
+ Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
+ Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
**Original Posting:**
June 9, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
**Pay Range:**
Pay Range $104,650.00 - $189,175.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
REQNUMBER: R-00160680
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.
Cyber Incident Response - Incident Coordinator
Posted 3 days ago
Job Description
We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
**EY Technology:**
Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day: everything from the laptops we use, to the ability to work remotely on our mobile devices and connect our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and are key to us being more innovative as an organization.
EY Technology supports our technology needs through three business units:
**Client Technology (CT)** - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly.
**Enterprise Workplace Technology (EWT)** - EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience.
**Information Security (InfoSec)** - InfoSec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems.
**The opportunity**
The Cyber & Investigative Services (CIS) Incident Coordinator will exercise strong incident management techniques to coordinate security incident response to cybersecurity events or incidents stemming from suspected threats. Candidates for the role must have a strong comprehension of incident response plans and coordination of activities, work well with others, and have strong verbal and written communication skills, including a sense of diplomacy, the ability to anticipate obstacles, and the decision-making skills to handle the fast-paced world of incident management. Foundational skills in incident response, incident management, chain of custody, forensics, event analysis, and hands-on cyber security are essential.
**Your key responsibilities**
+ Coordinate response efforts to cyber incidents caused by external threats that may involve nontraditional working hours
+ Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams. As needed, manage relationships with business partners, management, vendors, and external parties
+ Drive integration with other corporate incident management programs to ensure consistency and alignment with peer support teams within IT
+ Help lead small to medium sized projects as directed by leadership
+ Be a champion for process and documentation. Develop and document processes to ensure consistent and scalable response operations, and ensure continuous improvement to the company's incident response plan
+ As requested, develop and deliver metrics to leadership
+ Create ready-to-go draft communications and ensure timely reports/updates to leadership during and after an event
+ Own and manage the team's internal action playbooks and knowledge base
+ Must be willing to be on-call off-hours in rotation with other team members (Required)
**Skills and attributes for success**
+ Resolution of security incidents by validating root cause and solutions
+ Analyze findings in investigative matters, and develop fact-based reports
+ Ability to identify and articulate opportunities for improvement while helping drive lessons learned activities
+ Demonstrated integrity and judgment within a professional environment
+ Inquisitive approach to analysis and peer review
+ Application of emotional intelligence and calm under pressure
+ Ability to appropriately balance work/personal priorities
**To qualify for the role, you must have**
**Education:**
+ Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, a related field, or equivalent experience
**Experience:**
+ 7+ years' experience in at least two of the following roles:
  + Member of a Security Operations Center (SOC)
  + Security Incident Response Analyst or supporting function (2 years minimum)
  + eDiscovery or related role performing forensic functions
+ Deep understanding of security threats, vulnerabilities, and incident response
+ Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis
+ Have a basic understanding of the legalities surrounding electronic discovery and analysis
+ Understanding of regulatory stipulations regarding security incidents
+ Experience with SIEM technologies (e.g., Splunk)
+ Deep understanding of both Windows and Unix/Linux based operating systems
**Ideally, you'll also**
+ Candidates must hold or be willing to pursue related professional certifications such as GCFE, GCFA, GCIH, CISA, CISM, CISSP, or CCIM
**What we look for**
+ Demonstrated integrity in a professional environment
+ Ability to work independently
+ Have a global mind-set for working with different cultures and backgrounds
+ Knowledgeable in business industry standard security incident response process, procedures, and life-cycle
+ Excellent organizational skills and strong attention to detail
+ Excellent teaming skills
+ Excellent social, communication, and writing skills
+ Excellent customer service skills required
**What we offer you**
The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges. At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams.
+ We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $124,400 to $32,700. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 149,300 to 264,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
+ Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
+ Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
**Are you ready to shape your future with confidence? Apply today.**
EY accepts applications for this position on an on-going basis.
EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.
**EY | Building a better working world**
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.
Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.
EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at .