Incident Response Lead

Tandym Group is seeking an experienced Incident Response Lead with a Government Client to serve as the SOC's technical authority during active cyber incidents across hybrid and on-prem environments.

This is a 6 month plus contract, 100% REMOTE.

Responsibilities:

• Lead full IR lifecycle-detection through recovery; act as primary investigator for high-severity incidents


• Direct responders, coordinate with stakeholders, and drive rapid containment and recovery.


• Maintain situational awareness and clear communication


• Coordinate with Cloud, Network, Identity, and System teams


• Guide forensic analysis and validate IOCs; ensure compliance with audit/legal standards


• Maintain playbooks and conduct readiness exercises


• Mentor SOC staff; and represent NGDC SOC in briefings.

Qualifications:

• 8+ years cybersecurity experience (4+ in IR/DFIR)


• Strong forensic, SIEM (Splunk), EDR (CrowdStrike, Defender), and network analysis skills


• Knowledge of MITRE ATT&CK, NIST 800-61


• Strong communication under pressure


• U.S. Citizen eligible for Public Trust.

Desired Skills:

• Federal cyber ops, GovCloud, M365, IAM, IaC, GCFAIH/GDAT/CCSP certifications