Incident Responder
cFocus Software Incorporated
Position Overview
The Incident Responder supports the Administrative Office of the U.S. Courts (AOUSC) by delivering advanced cybersecurity incident response and threat hunting services across both cloud and on-premises environments. This role focuses on identifying, analyzing, and mitigating sophisticated cyber threats while strengthening detection capabilities and improving overall security posture.
Key Responsibilities
Provide incident response support for declared security incidents and proactively hunt for threats not detected through automated systems
Conduct counterintelligence activities, develop Threat Actor (TA) dossiers, and identify adversary tactics, techniques, and procedures (TTPs)
Analyze SIEM alerts and security events to determine risk, impact, and appropriate response actions
Collect and analyze forensic data from compromised systems using EDR tools and custom scripts
Track and document incidents from initial detection through final resolution
Respond to government technical requests via ITSM platforms (e.g., HEAT, ServiceNow)
Perform malware triage and root cause analysis
Review open-source intelligence for emerging threats and adversary activity
Collaborate with court IT personnel to troubleshoot and resolve endpoint detection issues
Participate in after-action reviews and provide recommendations for improving security posture
Attend Agile Scrum standups and report on assigned Jira tasks
Review SOC incident reports and recommend enhancements, escalations, or re-evaluations
Required Qualifications
Minimum of 5 years of experience in incident response across cloud and non-cloud environments, including:
Microsoft Azure
Microsoft O365
Microsoft Active Directory
Zscaler
Minimum of 5 years of experience using Splunk Enterprise Security for incident response
Minimum of 5 years of experience collecting and analyzing data using:
EDR tools (CrowdStrike, Qualys)
Custom scripts and host telemetry sources (e.g., Sysmon, Auditd)
Experience with the following tools and technologies:
Microsoft Sentinel (threat hunting in Azure)
Tenable Nessus and SYN/ACK (vulnerability management)
NetScout (network traffic analysis)
SPUR.us (IP address enrichment)
Mandiant threat intelligence feeds
Splunk Core Certified Power User certification (required)
Must possess one of the following certifications:
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Continuous Monitoring (GMON)
GIAC Defending Advanced Threats (GDAT)
Ability to obtain a Low Risk Public Trust Suitability Determination
Key Deliverables
QA/Security Analysis review of SOC incident reports
Threat Actor (TA) IOC assessments
Web Application Firewall (WAF) rule implementations
Development of operational templates
Advanced SME Incident Response support for Priority 1 events (engagement within 4 hours, 24/7/365)
Comprehensive incident reports including:
Executive summary
Detailed findings
Security impact assessment
Timeline of events
Actions taken
Documentation of all work in Jira aligned with Agile processes
Creation and maintenance of Standard Operating Procedures (SOPs) and security playbooks
Work Environment
This role requires a strong on-site presence (80%, four days a week) at the AOUSC facility in the Thurgood Marshall Building, Washington, DC, with one day a week remote and working hours of 8:00am to 4:30pm. It also requires active participation in a collaborative, Agile-based cybersecurity operations environment.