A recognized services organization is seeking an experienced Incident Response Lead to serve as the SOC’s technical authority during active cyber incidents across hybrid and on-prem environments.
About the Opportunity:
- Assignment Length: 6+ months
- Setting: 100% Remote
- Notes: Must be able to obtain a Public Trust Clearance.
Responsibilities:
- Lead the full IR lifecycle, from detection through recovery; act as primary investigator for high-severity incidents
- Direct responders, coordinate with stakeholders, and drive rapid containment and recovery
- Maintain situational awareness and clear communication throughout an incident
- Coordinate with Cloud, Network, Identity, and System teams
- Guide forensic analysis and validate IOCs; ensure investigations and evidence handling comply with audit and legal standards
- Maintain IR playbooks and conduct readiness exercises
- Mentor SOC staff and represent the NGDC SOC in briefings
Qualifications:
- 8+ years of Cybersecurity experience (4+ in IR/DFIR)
- Strong skills in forensics, SIEM (Splunk), EDR (CrowdStrike, Defender), and network analysis
- Knowledge of MITRE ATT&CK and NIST SP 800-61
- Strong communication under pressure
- U.S. Citizen eligible for Public Trust.
Desired Skills:
- Federal cyber ops, GovCloud, M365, IAM, IaC, GCFA/GCIH/GDAT/CCSP certifications