Incident Response (IR) Tech Lead

Edgewater Federal Solutions is currently seeking an Incident Response (IR) Tech Lead to provide technical expertise, oversight, growth, and maturation of an Incident Response team comprised of IR Tier-1, IR Tier-2, and Forensics specialists on a Federal government contract. This role will provide expert Tier-2/3 support for threat mitigation, incident handling, and response in a 24x7x365 environment, ensuring the security of national-level infrastructure. As a senior incident responder, you will manage significant incidents, guide cross-functional teams, and implement advanced investigative techniques to defend against complex cyber threats. This role requires hands-on technical expertise, strategic oversight, and the ability to develop and improve detection and response processes. This role will also partner with the "Right-of-Boom" Deputy to the Cybersecurity Operations Task Lead.

**Due to the nature of the contract and customer US Citizenship is required.

Lead the response for significant and escalated incidents, coordinating tasks across the IR team and ensuring timely completion.
• Oversee incident triage, determining scope, urgency, and potential impact on operations.
• Develop containment, eradication, and recovery strategies for high-severity incidents.
• Perform real-time monitoring and alerting for potential threats using enterprise security tools, including SIEMs and cloud service provider tools.
• Proactively identify and accurately categorize security incidents, leveraging advanced analytics and correlation techniques.
• Lead threat-hunting operations focused on detecting advanced persistent threats (APTs) and other cyber threats.
• Coordinate efforts between various incident response teams across the enterprise to provide full-scale detection and incident response.
• Act as a point of escalation for complex incidents and support junior analysts by providing guidance and mentorship.
• Collaborate with cybersecurity, counterintelligence, and law enforcement teams for insider threat investigations and other sensitive matters.
• Conduct malware analysis and reverse engineering of suspicious payloads and network traffic.
• Perform digital forensics across various platforms, including host-based, network, cloud, and mobile device forensics.
• Acquire and analyze full disk images and other volatile data as part of investigations, ensuring adherence to NIST SP 800-86 guidelines.
• Develop new or enhance existing detection and response processes, leveraging innovative technologies like Security Orchestration, Automation, and Response (SOAR) platforms.
• Create custom detection signatures and automate response workflows.
• Lead research into new technologies and tools to improve the organization's security posture.
• Develop detailed After-Action Reports (AARs) following significant incidents, summarizing actions taken and lessons learned.
• Create executive summaries and provide regular incident updates for senior leadership.
• Lead and document monthly Lessons Learned meetings for significant incidents, tracking action items to completion.
• Participate in and lead incident response tabletop exercises, collaborating with national and agency-level stakeholders.
• Ensure continual improvement of incident response processes by documenting lessons learned from exercises and real-world events.
• Support counterintelligence and insider threat activities by performing advanced analytics, forensics, and investigation support.
• Analyze suspicious emails, websites, and downloads for nefarious behaviors, escalating findings as necessary.
• Perform content development for SIEM systems, including correlation algorithms and threat detection signatures.
• Assist in evaluating and integrating new security tools to improve threat detection and response capabilities.

• • Bachelor's Degree or higher in relevant cybersecurity-related major and 12 years experience.
  • 5+ years' experience comprehensive cybersecurity operations leadership and management.
  • Demonstrated expert-level delivery experience and knowledge of IR concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of Forensics concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of ticket management tools and practices; troubleshooting; investigations; computer networking; and operating systems.
  • Demonstrated expert-level technical ability/aptitude, demonstrated through prior technical experience and accomplishment.
  • Excellent critical thinking, analytic skills, and experience.
  • Excellent time management skills and experience.
  • Excellent management, teamwork, and interpersonal skills against difficult due dates and timelines.
  • Excellent customer service focus to meet the needs of internal and external customers.
  • Excellent presentation development and delivery skills.
  • Excellent program management, project management, and task tracking skills.
  • Ability to work on occasional weekends and holidays.
  • Ability to pass an HHS Tier-2 security clearance background investigation

Desired:

• One or more certifications in information security (such as GCIH, GCFA, OSCP, GPEN, GSEC, CISSP, CISM, CompTIA Advanced Security Practitioner, CompTIA Security Analytics Expert, CCTHP, CySA+, Security+, etc.).
• Project Management Certifications (such as CAPM, PMP, ITIL etc.).
• Current Security clearance

Salary: $160,000 - $190,000

About Us:

Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other status protected by applicable law.