Cyber Incident Response Analyst SME

Cyber Incident Response Analyst

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced SME Cyber Incident Response Analyst to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations.

In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement—helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success.

This position offers the opportunity to work on a high-visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Primary Responsibilities

• Monitor, detect, analyze, mitigate, and respond to cyber threats across the enterprise.
• Lead incident detection and response activities at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP).
• Coordinate efforts through the enterprise incident tracking system and established communication channels.
• Provide expert investigative support for large-scale and complex security incidents, including those lacking clear technical indicators.
• Work with cybersecurity, network, and operations teams to ensure timely containment, remediation, and reporting of all incidents.
• Implement and operate access management mechanisms to control user access to data, tools, and services, including automation of standard access requests and support for VIPs.
• Collect, analyze, and assess user and customer analytic data to inform system changes and improvements.
• Design, implement, and improve the customer experience with the User Support Desk, including automation of access requests and integration of modern tools

Basic Qualifications

• Top Secret with SCI eligibility security clearance
• Bachelor degree or higher from an accredited college or university OR Offerings listed in DoD 8140 Training Repository ORGCFA or GCIA
• Minimum of 12 years of experience in cybersecurity incident response.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO).
• Proficiency in using cybersecurity tools and technologies for monitoring and incident response.
• Experience with network security monitoring, intrusion detection systems, and security information and event management (SIEM) tools.
• Excellent analytical and problem-solving skills.
• Strong communication and coordination skills to work effectively with various teams.

Preferred Qualifications

• Active TS/SCI
• Master's degree in Cybersecurity or a related field.
• Certifications such as CISSP, CISM, CEH, or GIAC.
• Experience with cloud security and familiarity with AWS GovCloud/NIPRNet, SC2S AWS Secret Region Cloud for SIPRNet, and C2S AWS Cloud for JWICS environments.
• Knowledge of automation tools and techniques, including AI chatbots and Robotic Process Automation (RPA).
• Experience in designing and implementing disaster recovery and continuity of operations plans.