Jobs · Management · Maryland

SOC / Incident Response Lead

Devis · Bethesda, MD · 1 wk ago
On-siteManagement$110k–$130k/yrFull-time

Primary Duties

  • Direct real-time, 24x7x365 security log collection, monitoring, alerting, and event analysis across the OIT-managed environment
  • Perform incident triage on all incidents to determine scope, urgency, and operational impact
  • Investigate suspected intrusions and suspicious activity within 30 minutes of detection
  • Ensure accurate, consistent incident categorization and ticketing
  • Lead detection, triage, analysis, containment, eradication, recovery, and post-incident reporting
  • Oversee Tier 2/3 digital forensics, evidence preservation, and chain of custody compliant with NIST SP 800-86
  • Conduct malware analysis, reverse engineering, and analysis of suspicious websites, emails, and payloads
  • Deliver Security Incident Tickets/Reports within 1 hour of detection and Incident Response After Action Reports
  • Lead Advanced Persistent Threat (APT) hunting across the managed environment
  • Operate an active Cyber Threat Intelligence (CTI) program to collect, correlate, and disseminate relevant intelligence and IOCs
  • Support collaboration with OCIO threat intelligence / Fusion Center activities
  • Provide engineering support to the SOC and Incident Response Team and ensure proper configuration of SOC-managed tools and agents
  • Lead annual incident response tabletop exercises and implement lessons learned
  • Produce the Monthly Forensic Activity Summary and related metrics

Required Qualifications

  • Education & Experience
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience)
  • Minimum 7 years in security operations / incident response, including SOC team leadership
  • Demonstrated experience with digital forensics, malware analysis, and threat hunting in enterprise environments
  • One or more incident response/forensics certifications: GCIH, GCIA, or GCFA (or comparable)
  • CISSP strongly preferred
  • Hands-on expertise with SIEM, EDR, and IDS/IPS platforms and security log analysis
  • Forensic tooling and evidence handling consistent with NIST SP 800-80 and Federal Rules of Evidence
  • Familiarity with US-CERT incident notification guidelines and federal reporting timelines
  • Calm, decisive leadership during active incidents and crisis coordination
  • Strong written reporting and clear escalation communication
  • Experience supporting NIH/HHS or other federal SOC operations
  • Cloud monitoring/IR experience (e.g., Azure, AWS)
  • Experience standing up or maturing CTI programs

Company Overview

Development InfoStructure LLC., (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.

Similar jobs