Senior Incident Response Analyst

Remote, Washington

ClearFocus Technologies, a HUBZone certified company, is in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!  

We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more! 

Job Description: The Senior Incident Response Analyst will operate as a technical lead for the Incident Response function and as an escalation point for the Security Operations team. The Security Operations team responds to alerts on activity in the environment, investigates them accordingly, and escalates where appropriate.
  • Operate as an expert in Incident Response with expertise in both the technical and procedural aspects of the role. 
  • Must be able to solve technical challenges in critical situations that require immediate resolution. 
  • Help to design, document & train the team on the overall processes and process flows for the SOC/Incident Response function. 
  • Work with the Cyber Threat Intelligence, Threat Detection, and Engineering teams to build comprehensive processes across all teams. 
  • Help to build a metrics portfolio that represents the functional, risk, and threat aspects of the team and the work they do. 
  • Ensure compliance with published Information Security policies and standards.
  • Provide security services that align with business objectives and regulatory requirements. 
  • Develop relationships with external security organizations to maintain awareness of security issues and trends. 
  • Serve as an escalation point for real-time security alerts and events.
  • Lead and perform highly confidential and complex digital investigations promptly, to fully understand and articulate what activity occurred.
  • Review work from junior analysts and provide feedback for growth. 
  • Review and QA team members' submissions, ensuring they are complete and accurate and meet required audit, regulatory, and legal reporting requirements.
  • Generate reports around security events and metrics. 
  • Maintain deep knowledge and understanding of the HHS tech stack and changes that may impact analytic capabilities. 
  • Work with platform owners to identify telemetry required to support in-depth analysis and investigations. 
  • Maintain deep knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities. 
Education and Experience: 
  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or a related field preferred; or equivalent related work experience.
  • Minimum of 7 years of Information Systems Security experience, with at least 5 years in a SOC or working in Incident Response/Handling/Management.
  • Experience with the creation of Incident Management and Response processes, and the technologies to support them (EDR, SIEM, SOAR, etc.) 
  • Advanced knowledge and understanding of security issues, risks, concepts and terminology. 
  • Proficiency in understanding security aspects of computer platforms and technologies (e.g., Linux, UNIX, MVS, Windows, Web, LDAP, DBMS, Network, Firewalls, IDS/IPS, Authentication) 
  • Experience with log analysis from multiple sources (e.g., firewall, IDS, proxy, authentication, endpoints, etc.) to identify and investigate anomalies and potential security events.
  • Experience with packet-level analysis (e.g., Wireshark, tcpdump, tshark) and knowledge of TCP/IP protocols (OSI layers 3-7) for investigating network traffic. 
  • Excellent written and verbal communication skills to describe security event details and technical analysis. 
  • Strong interpersonal and organizational skills are needed to prioritize tasks and serve as a leader for enterprise security initiatives.
  • Active Public Trust (required).