NIH - Incident Response Lead
cFocus Software Incorporated · Bethesda, MD · 2 wk ago
RemoteRemoteEducationFull-time
Qualifications
- Public Trust Clearance
- B.S. in Computer Science, Information Technology, or a related field
- 7+ years leading enterprise incident response activities
- Experience supporting federal cybersecurity programs and Security Operations Centers
- Experience coordinating enterprise cyber investigations involving cloud and hybrid environments
- Experience implementing NIST incident response methodologies
- Active GCIH, GCFA, GNFA, CISSP, CEH, CySA+, Security+, CISM, or CCSP
Duties
- Lead enterprise cybersecurity incident response operations across NIH information systems
- Direct technical response activities throughout the incident response lifecycle including preparation, identification, containment, eradication, recovery, and post-incident activities
- Cookordination response efforts for high-impact cybersecurity incidents affecting enterprise infrastructure, cloud services, applications, and data
- Serve as the primary technical advisor during cybersecurity incidents and major security events
- Manage incident prioritization, escalation, resource coordination, and operational communications
- Ensure incident response activities comply with NIH policies, HHS guidance, NIST standards, and federal cybersecurity requirements
- Lead technical investigations involving malware infections, unauthorized access, insider threats, ransomware, phishing campaigns, data exfiltration, and advanced persistent threats (APTs)
- Cookordinate root cause analysis and determine attack vectors, affected assets, and operational impact
- Analyze indicators of compromise (IOCs), indicators of attack (IOAs), adversary tactics, techniques, and procedures (TTPs), and attack patterns
- Cookordinate evidence collection and preservation activities supporting investigations
- Validate containment strategies and recovery actions
- Ensure accurate documentation of incident timelines, findings, corrective actions, and lessons learned
- Cookordinate with Security Operations Center analysts during incident detection and response activities
- Oversee incident triage, escalation procedures, and operational communications
- Direct coordination between cybersecurity engineers, cloud engineers, infrastructure teams, system owners, ISSOs, and application administrators
- Support continuous monitoring and operational readiness activities
- Develop executive incident reports, after-action reports, technical findings, and corrective action recommendations
- Prepare briefings for Government leadership regarding significant cybersecurity events
- Maintain incident response metrics, trends, dashboards, and performance reporting
- Ensure timely reporting in accordance with federal cybersecurity reporting requirements