Job Description:

Responsibilities

We are seeking a highly motivated and experienced Incident Response Lead to serve as the NGDC SOC's technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. You will direct responders, coordinate with enterprise stakeholders, and drive rapid containment and eradication of threats targeting the NGDC and FTII platforms. This role is ideal for a seasoned IR professional with strong investigative leadership, decisive problem-solving under pressure, and a passion for elevating SOC maturity.

• Direct and execute the full incident response lifecycle: detect, analyze, contain, eradicate, recover, and post-incident improvement.
• Act as lead investigator for high-severity incidents, driving scoping, timelines, and decision logs.
• Maintain situational awareness and provide clear, timely updates to SOC leadership, Cyber Engineering, ISSO, and FSA stakeholders.
• Lead technical coordination with Cloud, Network, Identity, and System Administration teams during active response.
• Serve as escalation decision authority for containment actions and service disruption trade-offs.
• Lead host/network/cloud forensic investigations; guide analysts on SOC suite tool usage.
• Validate and evaluate IOCs/IOAs, malware, credential abuse, lateral movement, and persistence mechanisms.
• Ensure integrity and documentation meet audit and legal standards.
• Maintain and continuously enhance IR playbooks, runbooks, and operational workflows.
• Lead incident readiness activities (tabletops, purple team exercises, threat hunt planning).
• Translate lessons learned into proactive detection content and security control improvements.
• Mentor and technically develop SOC Analysts and supporting engineering roles.
• Partner with FSA SOC, CISA, and third-party responders when required.
• Coordinate communications with Legal, ISSOs, Public Affairs, and leadership during incidents.
• Represent NGDC SOC in briefings with senior government leadership (CISA HVA, DoED, FSA).

Qualifications

Required Qualifications:
• 8+ years of hands-on cybersecurity experience, including 4+ years in incident response or DFIR roles.
• Demonstrated ability to lead major incidents affecting hybrid infrastructure (cloud + on-prem).
• Strong command of:
  o Digital forensics methodologies (host and cloud).
  o Log and SIEM analysis (e.g., Splunk).
  o EDR platforms (e.g., Trellix, CrowdStrike, Defender).
  o Network analytics and packet capture fundamentals.
• Deep familiarity with MITRE ATT&CK, NIST SP 800-61, and cyber kill chain frameworks.
• Excellent communication and situational leadership skills; able to brief executives under pressure.
• U.S. Citizen with the ability to obtain a Public Trust clearance.

Desired Qualifications:
• Experience supporting Federal cybersecurity operations, HVA environments, or regulatory incident reporting.
• Experience with:
  o AWS GovCloud and M365 security incident management.
  o Identity-centric investigations (AD, Azure AD/Entra ID, IAM abuse).
  o Infrastructure-as-Code (Terraform/Ansible) and cloud-native IR tooling.
• Relevant certifications, such as:
  o GCIA, GCFA, GNFA, GCIH, GDAT, CCSK, CCSP.
  o Cybersecurity IR or forensic-focused certifications (e.g., CFR, CFCE, CHFI).
• Prior coordination with external IR firms (Mandiant, Unit42, etc.).
• Experience mentoring responders and maturing SOC/IR capabilities.

Regards,
Samson Chacko
Federal Staffing Specialist
Cell/Text: 973-###-####
Email:
LinkedIn: linkedin.com/in/samson-chacko