Cybersecurity Incident Response Engineer, Jr

The Cybersecurity Incident Response Engineer, Jr. monitors enterprise security tools and logs to detect, analyze, and triage potential cybersecurity threats targeting mission-critical systems and data. The role performs initial investigations, distinguishes false positives from genuine incidents, and escalates significant events to senior analysts or incident responders as appropriate. The analyst supports basic containment and response actions, documents events and findings, and helps fine-tune security controls to improve detection fidelity in a highly regulated federal IT environment.

Key Responsibilities

• Monitor SIEM and other security tooling to review events, correlate logs from multiple sources, and identify suspicious patterns that may indicate cybersecurity threats or policy violations.

• Perform Tier 1 alert triage by validating alert context, determining severity and potential impact, filtering out false positives, and generating well-documented tickets for escalation.

• Assist with incident response activities, including gathering evidence, capturing indicators of compromise, and supporting containment and recovery steps under guidance of senior analysts.

• Document investigations thoroughly, including timelines, data sources reviewed, actions taken, and handoffs, to support audit requirements and follow-on analysis.

• Maintain familiarity with common security technologies such as firewalls, IDS/IPS, endpoint protection, and vulnerability scanners, and interpret how their alerts surface within SOC tools.

• Follow established SOC standard operating procedures, playbooks, and reporting formats, and contribute feedback to improve them as detection and response capabilities mature.

• Support continuous tuning of rules, use cases, and dashboards to reduce noise, enhance detection accuracy, and improve visibility into the client environment.

• Collaborate with IT, operations, and risk teams to align monitoring and response activities with cybersecurity policies, regulatory expectations, and mission priorities.

Required Qualifications

• Bachelor's degree in IT, Computer Science, Cybersecurity, or related field, or equivalent relevant experience.

• 0-3 years of experience in cybersecurity, IT operations, or related technical roles with exposure to security monitoring and incident triage.

• Foundational understanding of cybersecurity concepts, common attack techniques, and the role of a security operations center in detection and response.

• Hands-on familiarity with security tools such as SIEM, firewalls, IDS/IPS, endpoint protection, or vulnerability scanners, and ability to interpret basic alerts and logs.

• Active SECRET clearance or ability to obtain and maintain required clearance.

• U.S. citizenship required to support federal information security requirements.

• Strong analytical, problem-solving, communication, and teamwork skills, with the ability to manage multiple alerts and tasks in a fast-paced SOC environment.

Preferred Qualifications

• Experience working in or supporting a 24x7 SOC environment, including shift work and effective handoff practices for ongoing incidents.

• Entry-level security certifications such as Security+, CySA+, or similar that validate core defensive operations knowledge.

• Experience following or implementing documented playbooks, runbooks, or standard operating procedures in a security or IT operations context.

• Familiarity with federal cybersecurity policies, control frameworks, or agency-specific security requirements.

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.