Cyber Synergy Consulting Group
Incident Response Analyst
Cyber Synergy Consulting Group, Washington, District of Columbia, US, 20022
Incident Response Analyst (Task 4 – Federal Cybersecurity Contract)
Location:
Remote with occasional on-site (Washington, D.C. Metro Area)
Employment Type:
Full-Time
Clearance:
Public Trust (or eligibility to obtain)
We are seeking an experienced Incident Response Analyst to support Task 4 – Incident Response Management on a federal cybersecurity services contract. This role provides front-line security event triage, investigation, reporting, and coordination across multiple federal cybersecurity teams.
The ideal candidate has hands-on experience with enterprise IR tooling: CrowdStrike, FireEye (Trellix), Splunk, NetWitness, and Magnet AXIOM – and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB).
Key Responsibilities
Perform initial triage of security events from SIEM, EDR, NDR, and log sources, including CrowdStrike, FireEye/Trellix, Splunk, NetWitness, and related platforms.
Conduct incident investigations, including host and network forensics, log analysis, and evidence review using tools such as NetWitness and AXIOM.
Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions.
Provide daily updates, SITREPs, and written documentation of incident status, investigative steps, and remediation recommendations.
Develop incident dashboards and knowledge base documentation within Splunk and other IR platforms.
Support containment, eradication, and recovery efforts aligned to federal IR procedures.
Participate in tabletop exercises, readiness assessments, and operational continuity testing.
Monitor and manage the Incident Response Team (IRT) mailbox; elevate urgent items within required SLAs.
Assist with audit support, evidence gathering, and post-incident reviews.
Contribute to continuous improvement of incident response processes and playbooks.
Required Qualifications
2–5+ years of experience in cybersecurity operations, SOC analysis, or incident response.
Direct hands-on experience with IR tools, including:
CrowdStrike Falcon (EDR)
FireEye/Trellix (HX, Helix, or equivalent)
Splunk (SIEM, dashboards, search queries)
NetWitness (network forensics, packet analysis)
Magnet AXIOM (host forensics)
Strong understanding of adversary techniques, malware behavior, incident timelines, and forensic artifacts.
Familiarity with NIST 800-61, NIST 800-53, FISMA, and OMB guidance.
Ability to clearly document investigations and communicate findings to technical and non‑technical audiences.
Eligibility to obtain and maintain a Public Trust clearance.
Preferred Qualifications
Experience supporting federal agencies (HHS, DHS, DoD, DOJ, etc.).
Certifications such as Security+, CySA+, CEH, GCIH, GCIA, CHFI, or related.
Experience performing threat hunting across EDR, SIEM, and NDR tools.
Familiarity with packet analysis tools (Wireshark) and scripting languages (Python, PowerShell).
Experience with ServiceNow or similar ticketing platforms.
Work Schedule & Expectations
Core hours:
7:00 AM – 5:00 PM EST, Monday through Friday, with the flexibility to support after-hours incidents as needed.
Participation in on‑call rotations may be required.
Remote work permitted with reliable connectivity and camera‑enabled participation.