Supervisory Cyber Analyst - Incident Response

Title:
Supervisory Cyber Analyst - Incident Response

Program Summary:

KBR's Mission Engineering Division delivers complex technical solutions and expert support to the U.S. Department of War, specializing in modeling and simulation, cyber transformation, air vehicle mission integration, and lifecycle support. As a trusted partner with a proven history in mission technology, KBR collaborates closely with clients to develop innovative and effective solutions. With a strong ethical framework, KBR prioritizes data security, privacy, and responsible information management to ensure mission success.

Job Summary:

KBR is seeking a Supervisory Cyber Analyst with incident response experience to lead and manage cybersecurity operations supporting the Defense Health Agency (DHA). This role provides day-to-day supervision of KBR cyber personnel and oversees the coordination and execution of cybersecurity incident response activities at the DoD Component level to protect information systems from unauthorized activity, vulnerabilities, and threats.

The Supervisory Cyber Analyst works closely with the on-site government customer to execute mission priorities, incorporate directed feedback, and identify emerging requirements that may result in task order growth. This is an on-site position based in Charleston, SC. Situational work from KBR offices or a home office may be approved by the government customer based on mission needs.

Roles and Responsibilities:

• Provide direct supervision and leadership to KBR-assigned Incident Response Coordinators supporting Cyber Operations Center teams across multiple geographic regions, including Charleston, SC; Stuttgart, Germany; and Pearl City, HI, as well as remote locations within the United States.
• Ensure assigned personnel execute all tasks in accordance with government direction, performance standards, and contractual requirements, delivering outcomes on schedule and within scope.
• Serve as the primary interface with the assigned government lead, ensuring effective communication, issue resolution, and mission alignment.
• Elicit both explicit and implicit customer requirements to develop recommendations for new work, process improvements, or enhancements to existing cybersecurity operations.
• Actively participate in cyber incident response operations by monitoring, tracking, and coordinating responses to cybersecurity incidents and electronic data spillage events across DHA mission-relevant environments.
• Coordinate response activities among the Cybersecurity Service Provider (CSSP), DHA departments, sites, facilities, and external organizations as required.
• Provide timely status updates and executive-level reporting to DHA leadership throughout the full incident lifecycle, from detection through closure.
• Track incident metrics and historical data and provide reporting upon request to support trend analysis and leadership decision-making.
• Proven ability to decompose ambiguous or complex government requirements into actionable tasks and execution plans.
• Strong problem-solving and critical-thinking skills in dynamic operational environments.
• Demonstrated experience communicating technical cybersecurity concepts effectively through written reports and oral briefings.
• Ability to interpret and implement technical policies and procedures related to information systems and information systems security.
• Demonstrated ability to manage multiple concurrent projects and priorities.
• Self-directed professional capable of operating effectively with minimal supervision.

Basic Qualifications:

• Bachelor's degree and ten (10) years of relevant technical experience; in lieu of a degree, an additional eight (8) years of technical experience may be substituted.
• Active Secret security clearance or higher.
• Minimum DoD 8570/8140 IAT Level II certification.
• Demonstrated supervisory experience leading teams of five (5) or more personnel, including direct and matrixed staff.
• Experience briefing senior leadership and engaging both technical and non-technical audiences.
• Experience supporting large enterprise environments such as the Defense Health Agency, Naval Information Warfare Centers, or similar government organizations.
• Experience with the design, installation, and sustainment of information system hardware and software.
• Knowledge of incident response and handling methodologies, including cyber attack classes, threat actor profiles, and attack lifecycle stages.
• Understanding of network security architecture, including topology, protocols, components, and principles.
• Knowledge of cloud service models and their impact on incident response activities.
• Knowledge of DoD/DoW cybersecurity policies, procedures, and regulations.
• Proficiency with standard office productivity and collaboration tools.

Preferred Qualifications:

• DoD 8570/8140 IAT or IAM Level III certification.

Location: Charleston, SC (On-site)
Schedule: Full-time, 40 hours/week | Core hours 8:00 a.m. - 4:30 p.m. ET
Travel: Up to 5% travel may be required, sometimes with limited notice

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team's philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver - Together.


KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.