Incident Response Expert / Cyber Eviction Analyst
Node.Digital LLC · Arlington, VA · 3 mo ago
On-siteEngineeringFull-time
Key responsibilities
- Serving as a hunt and incident response subject matter expert, providing technical direction and alternatives to response teams
- Applying deep knowledge of threat actor tools, techniques, and procedures (TTPs) to complex incident response challenges
- Producing executive summaries and detailed technical reports for stakeholders
- Conducting expert analysis and research on hunt and incident response problems with broad direction
- Setting technical objectives and developing creative solutions to complex security issues
- Analyzing incident data and victim environments to recommend targeted mitigations
- Advising on countermeasure implementation and customization
- Supporting containment and eradication missions
- Documenting analysis in a standardized knowledge base and maintaining process/procedure documentation
- Guiding completion of hunt and incident response activities across multiple environments
Requirements
- Required Qualifications:
- Bachelor's degree in Computer Science, Cyber Security, Computer Engineering, or a related field; or a high school diploma with 10+ years of technical experience
- 8+ years of cyber incident response experience, including threat hunting, containment, and eradication
- Proficiency administering and investigating on both Linux/Unix and Windows systems
- Hands-on experience using Splunk as a SIEM for incident response or threat hunting
- Strong understanding of network architecture, network security concepts, and attack stages/classes
- Incident response experience across on-premises, cloud environments, and Windows Active Directory
- Mets DoD 8140.01 certification requirements at IAT II, IASAE II, or CSSP Analyst level
- U.S. citizen with an active TS/SCI clearance and ability to obtain DHS suitability
- Able to travel domestically on short notice (:25%)
- Experience producing executive summaries and detailed technical incident response reports
- Preferred Qualifications:
- Holds at least one of the following certifications: GCIA, GCIH, CEH, or GIAC GNFA
- Experience with leadership or mentoring in incident response teams
- Familiarity with CND policies and procedures
- Knowledge of threat environments, network/system administration, and IAM tools
- Experience with enterprise architecture security review and defense-in-depth strategies
- Expertise in host and network intrusion detection, event correlation, and malicious activity analysis
- Strong collaboration skills with stakeholders across multiple locations