Role Overview
Leads cyber incident response activities for actual security incidents. Coordinates containment, eradication, remediation, recovery, communications, evidence preservation, and post-incident reporting under Lot 3.
Key Responsibilities
Lead incident triage, severity classification, response coordination, containment strategy, and remediation planning. Coordinate technical responders, forensic analysts, client stakeholders, legal/privacy contacts, and communications teams. Oversee investigation timelines, chain of custody, incident notes, evidence handling, root cause analysis, and corrective action planning. Develop incident response reports, after-action reports, lessons learned, and recommendations to reduce future risk.
Qualifications
Bachelor's degree in cybersecurity, information systems, computer science, digital forensics, or related field; equivalent incident response experience may be considered. Demonstrated experience leading cyber incident response engagements.
Preferred Certifications
GCIH, GCFA, GCFE, CISSP, CISM, Security+, ECIH, CHFI, or equivalent incident response/forensics certification preferred.
Skills
Incident command, breach response, containment planning, malware triage, log analysis, SIEM review, endpoint investigation, root cause analysis, executive communication, evidence preservation, remediation coordination.
Experience
Senior level: more than 5 years in incident response or security operations leadership with a bachelor's degree, or more than 8 years of direct professional experience.
Never miss an opportunity! Create an alert based on the job you applied for.
