Senior Cyber Defense Analyst / Incident Responder IRES - SSFB/HSV

Position Title: Senior Cyber Defense Analyst / Incident Responder Location: Schriever Space Force Base, Colorado Springs, CO or Redstone Arsenal, Huntsville, AL Relocation Assistance: None available at this time Remote/Telework: NO Clearance Type: DoW Top Secret with SCI Eligibility Shift: Rotating Shift Travel Required: Up to 10% of the time Description of Duties: The Senior Cyber Defense Analyst / Incident Responder supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will: Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst. Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM). Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture. Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B. Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting. Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody. Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture. Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior and Mid Cyber Defense Analyst and Cyber Defense Incident Responders. Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation. Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/signatures to detect known attack patterns and make recommendations for improvements. Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets. Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment. Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs. Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines. Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations. The successful candidate will: Have experience with most MS Office applications (Word, Excel, PowerPoint, and Visio). Be able to multi-task and prioritize various projects and assignments in a dynamic work environment in order to meet scheduled/unscheduled customer requests. Be willing to travel 25% of the time. Be willing to work rotating shifts in a 24/7 operational environment and respond quickly to emergencies as needed. Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate may be assigned as an employee for one of our teammate companies. Basic Requirements: Must have 6, or more, years of combined experience performing the full life-cycle of incident response and enterprise-level monitoring and analysis of events Must have 2, or more, years of experience in management or leadership in a team environment Must possess one of the following certifications: CBROPS, CFR, CySA+, GCFA, GCIA, GICSP Must have an active DoW Top Secret with SCI Eligibility Desired Requirements: Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field Possess one or more of the following advanced cybersecurity certifications: Offensive Security: OSCP, PNPT, GPEN | Forensics/Incident Response: GCFA, GCFE, GCIH, EC-Council Certified Hacking Forensic Investigator (CHFI) | Threat Hunting/Analysis: GIAC Certified Cyber Threat Intelligence (GCTI) Have an active DoD Top Secret clearance Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux) Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc. Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred) Have experience analyzing network and host-based threats (ESS preferred) Be able to mentor and train personnel in an evolving, high-paced environment Be familiar with DoD Security Operations Centers (SOC) Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures Have demonstrable experience in offensive security operations, such as penetration testing, red teaming, or exploit development Have experience with advanced digital forensics, including host-based and memory analysis Be proficient in scripting and data analysis with languages such as Python, PowerShell, Bash, or KQL to automate tasks and parse large datasets Be familiar with the intelligence cycle and its application to cybersecurity operations Have experience with hunt-centric security platforms, including industry-standard Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) tools Be familiar with the application of Artificial Intelligence (AI) and Large Language Models (LLMs) in cybersecurity, including the ability to leverage AI-driven security tools and critically assess their output This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed. Compensation Details: $145,000 – $152,000 The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws. Benefits Overview: Our health and welfare benefits are designed to support you and your priorities. Offerings include: Health, dental, and vision insurance Paid time off and holidays Retirement benefits (including 401(k) matching) Educational reimbursement Parental leave Employee stock purchase plan Tax-saving options Disability and life insurance Pet insurance Note: Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits. Original Posting: 06/12/2026 - 06/22/2026 Amentum anticipates this job requisition will remain open for at least three days, with a closing date no earlier than three days after the original posting. This timeline may change based on business needs. Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters. Welcome back! We encourage you to check on the status of your current job applications with us. You can also search for a list of our current job openings and see if there are any new positions that might be a good fit for you. Thank you for continued interest in employment with Amentum. For more than 100 years, Amentum has tackled the world’s toughest challenges to deliver agile and steadfast solutions to the U.S. government and its allies. With more than 50,000 employees on all seven continents and in more than 60 countries, Amentum delivers a broad range of operational support services to meet the critical needs of our clients. Our headquarters are in Chantilly, VA. Find us online at If you need a reasonable accommodation for any part of the employment process, please contact us by email at View email address on click.appcast.io and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. If you need assistance, please reach out to View email address on click.appcast.io EEO including Disability/Protected Veterans Labor Laws Posters Amentum has become aware of unauthorized individuals who are falsely using the Amentum name and /or logo in an attempt to solicit fees from potential job seekers. These deceptive and unauthorized individuals are soliciting money, promising placement in a position with Amentum. Please note any communication requesting any amount of money in exchange for employment with Amentum is fraudulent. These communications do not originate from Amentum and are not associated with the recruitment process. Amentum and its affiliates never charge candidates fees or payments of any kind in order to secure employment. As a precaution, we recommend you do not disclose personal or financial details to anyone as a response to an unsolicited email, social media, or dating website request. Amentum will never as ask for a placement fee or any other fee to expedite the hiring process. If you are contacted by anyone offering employment with Amentum, you should never be asked to pay a fee for recruiting. Amentum personnel will always send email from an identifiable corporate account (ending in @amentum.com) and never from a public email account like Yahoo!, Google, Gmail, or Hotmail. If you are contacted regarding a fraudulent employment proposal, we encourage you to alert your local law enforcement agency/police authority. To read more about Amentum’s commitment to ethics, please click here.