Cyber Defense Incident Responder (Advanced)
S2i2 Inc
Summary

The Cyber Defense Incident Responder (Advanced) performs hands‑on technical work while guiding and directing senior and mid‑level analysts. This role involves advanced threat detection, threat intelligence research, practical application of threat intelligence to operations, development of custom scripts, and a working understanding of complex threat actor techniques used to compromise systems and evade detection. The ideal candidate brings extensive operational experience defending highly secure enclaves, specifically navigating Top Secret/Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) networks.

Work Location

In Office. Arlington, VA.

Duties and Responsibilities

Lead a small team of advanced and mid-level security analysts to provide Incident Defense (ID) services for government clients, specifically tailored to the unique security constraints of TS/SCI and SAP environments.
Serve as the primary technical point of contact for complex threat hunting issues, and mentor new ID team members to grow their skills and operational abilities.
Engineer advanced detection alerting rules for events reported by endpoints, cloud services, network devices, and other relevant event sources across classified enclaves, using Splunk SPL, Microsoft Kusto Query Language (KQL), Elastic Kibana Query Language, Carbon Black, Snort rules, or other pattern‑matching detection tools.
Proactively research new malware using hunting capabilities on malware repository services (such as VirusTotal) and through established partnerships with other security researchers, ensuring all malware handling adheres to strict classified network protocols.
Lead targeted phishing campaigns to help educate the workforce on the risks of social engineering and malicious attachments.
Lead purple and red teaming efforts as directed, conducting adversary emulation relevant to the architecture of highly classified networks.
Provide critical support to the Network Operations and Security Center (NOSC) and coordinate team schedules to ensure on‑call coverage for after‑hours, weekends, and holidays.
Maintain the toolkit utilized by the ID Team; conduct research analysis on the latest cybersecurity tools, provide rationale to renew or deprecate current tools, and recommend new technologies for the enterprise.
Perform comprehensive research and investigations with little to no oversight to locate information relevant to government requests, communicating findings effectively to government information security professionals.
Ensure all written communication (reports, briefings, and alerts) is professional, high‑quality, free of errors, and clearly delivers actionable intelligence.
Perform other duties as assigned.

Minimum Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.
High school diploma or GED equivalent required. Bachelor's degree in Computer Science, Digital Forensics, or a related major with an emphasis on Security preferred.
Six (6) or more years of experience in Threat Hunting, Security Research, or Incident Response.
Demonstrated leadership skills, preferably in a formal leadership role.
Demonstrated scripting experience.
Active TS/SCI clearance required.

Preferred Qualifications

SAP (Special Access Program) access eligibility or prior SAP‑network operational experience.
Relevant industry certifications (e.g., GCIH, GCFA, GCIA, GREM, GDAT, CySA+, or equivalent).
Ability to successfully pass background and drug screening.

Knowledge, Skills, and Abilities

Advanced technical expertise in threat hunting, deep‑dive malware analysis, and the operational application of threat intelligence within highly classified (TS/SCI and SAP) network enclaves.
Demonstrated leadership and industry contribution, recognized as a subject matter expert within the defense or broader information security community for advancing incident response methodologies.
Proven track record of excellence in guiding, mentoring, and directing mid‑level and senior information security professionals during active cyber operations and crisis response.
Government/client service experience as a primary technical liaison, providing Incident Defense (ID) and threat resolution services directly to government stakeholders and technical clients.
Security engineering and architecture: knowledge of planning, designing, and implementing robust security controls, detection rules, and defensive systems tailored to secure network architectures.
Adversary emulation: skill in executing red team or purple team simulations to test and validate defensive postures against Advanced Persistent Threats (APTs).
Technical mentorship: experience teaching, mentoring, and guiding junior and mid‑level analysts in advanced digital forensics and malware analysis techniques.
Advanced forensics: deep technical understanding of host and network‑based forensic analysis techniques, with the ability to accurately interpret complex artifacts and maintain data integrity during investigations.
Malware and script analysis: high‑level skill in reverse‑engineering and analyzing obfuscated, malicious scripts (e.g., PowerShell, VBA, JavaScript, .NET) used by sophisticated threat actors.
Superior research capabilities: exceptional technical analysis and research skills, capable of proactively identifying novel threats and vulnerabilities.
Executive communication: excellent written and verbal communication skills, capable of producing high‑quality, error‑free incident reports and briefings suitable for government leadership.
Technical translation: ability to clearly explain complex cybersecurity incidents, TTPs, and risks to both technical peers and non‑technical decision makers.
Project and case management: proven ability to independently manage multiple complex incident investigations or research projects simultaneously, with high accountability, initiative, and integrity.
Crisis management: ability to take ownership during high‑stress cyber incidents, rapidly set triage priorities, multitask effectively, and meet tight government reporting deadlines.
Collaboration: well‑developed problem‑solving and interpersonal skills to facilitate seamless coordination with NOSCs, intelligence teams, and external partners.
Attention to detail: excellent organizational skills with acute attention to detail, critical for maintaining chain‑of‑custody, accurate incident logging, and operating within strict SAP compliance frameworks.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit and talk or hear, and may use repeated motions involving the arms, wrists, hands, and fingers. The employee is occasionally required to walk, stand, climb, balance, stoop, kneel, crouch, or crawl, and must occasionally lift and/or move up to 25 pounds. Specific vision abilities required include close vision.

Work Environment

The employee normally works in a temperature‑controlled office environment with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions and is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Equal Opportunity

S2i2, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. S2i2 participates in the E‑Verify Employment Verification Program.