Hybrid: One day a week onsite.
Overview
Our client, a specialized cybersecurity and software engineering organization supporting national security and critical infrastructure missions, is seeking an Incident Response Analyst for an active program in the Washington, DC metro area. This role supports highly technical cyber incident response and threat hunting operations across industrial control systems (ICS), operational technology (OT), and enterprise IT environments. Candidates must meet all clearance and eligibility requirements.
Clearance Requirements
- Citizenship (REQUIRED)
- Ability to obtain and maintain a TS/SCI clearance
- Ability to obtain and maintain a favorably adjudicated DHS background investigation (EOD)
Role Overview
The Incident Response Analyst will support cyber incident response, threat hunting, and forensic analysis operations focused on critical infrastructure and industrial environments. This role applies traditional DFIR tradecraft to non-traditional environments such as power, water, and transportation systems. The position requires hands-on technical expertise and the ability to operate in mission-driven, high-impact environments.
Key Responsibilities
- Conduct threat hunting and forensic analysis in critical infrastructure networks
- Analyze malicious software and adversary activity across multiple operating systems
- Support highly technical investigative and response operations
- Provide remediation guidance and recommendations to prevent recurrence
- Perform security site assessments and scoping activities
- Maintain accurate documentation of incident response actions and findings
- Prepare and deliver incident reports to stakeholders and leadership
- Stay current on emerging threats, tools, and techniques relevant to ICS and CI environments
- Collaborate within a team to support both incident response and proactive hunt missions
Required Qualifications
Candidates must meet one of the following experience criteria:
- Experience with cybersecurity incidents across ICS, OT, and IT environments
- Bachelor’s degree with 8+ years of relevant technical experience
- Master’s degree with 6+ years of relevant experience
- PhD with 3+ years of relevant experience
- 12+ years of experience may substitute for a degree
In addition:
- 1–2 years of threat hunting or DFIR experience directly supporting Critical Infrastructure (CI) or ICS environments
- Scripting experience in Python, Bash, PowerShell, and/or JavaScript
- Experience analyzing malicious software on Linux, Windows, macOS, mobile OS, and IoT devices
- Experience conducting security site assessments and scoping activities
- Experience using a range of forensic and reverse engineering tools, including but not limited to:
  - IDA Pro, OllyDbg, x64dbg, Ghidra, Objdump, Readelf
  - Wireshark, Fiddler, Process Explorer, Process Monitor, Regshot, CFF Explorer
- Experience with open-source and commercial security operations tools
- Prior experience using SIEM platforms for anomaly detection and trend analysis
- Experience analyzing ICS network protocols such as Modbus, ENIP/CIP, BACnet, DNP3