SOC / Incident Response Lead
Devis · Bethesda, MD · 1 wk ago
On-siteManagement$110k–$130k/yrFull-time
Primary Duties
- Direct real-time, 24x7x365 security log collection, monitoring, alerting, and event analysis across the OIT-managed environment
- Perform incident triage on all incidents to determine scope, urgency, and operational impact
- Investigate suspected intrusions and suspicious activity within 30 minutes of detection
- Ensure accurate, consistent incident categorization and ticketing
- Lead detection, triage, analysis, containment, eradication, recovery, and post-incident reporting
- Oversee Tier 2/3 digital forensics, evidence preservation, and chain of custody compliant with NIST SP 800-86
- Conduct malware analysis, reverse engineering, and analysis of suspicious websites, emails, and payloads
- Deliver Security Incident Tickets/Reports within 1 hour of detection and Incident Response After Action Reports
- Lead Advanced Persistent Threat (APT) hunting across the managed environment
- Operate an active Cyber Threat Intelligence (CTI) program to collect, correlate, and disseminate relevant intelligence and IOCs
- Support collaboration with OCIO threat intelligence / Fusion Center activities
- Provide engineering support to the SOC and Incident Response Team and ensure proper configuration of SOC-managed tools and agents
- Lead annual incident response tabletop exercises and implement lessons learned
- Produce the Monthly Forensic Activity Summary and related metrics
Required Qualifications
- Education & Experience
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience)
- Minimum 7 years in security operations / incident response, including SOC team leadership
- Demonstrated experience with digital forensics, malware analysis, and threat hunting in enterprise environments
- One or more incident response/forensics certifications: GCIH, GCIA, or GCFA (or comparable)
- CISSP strongly preferred
- Hands-on expertise with SIEM, EDR, and IDS/IPS platforms and security log analysis
- Forensic tooling and evidence handling consistent with NIST SP 800-80 and Federal Rules of Evidence
- Familiarity with US-CERT incident notification guidelines and federal reporting timelines
- Calm, decisive leadership during active incidents and crisis coordination
- Strong written reporting and clear escalation communication
- Experience supporting NIH/HHS or other federal SOC operations
- Cloud monitoring/IR experience (e.g., Azure, AWS)
- Experience standing up or maturing CTI programs
Company Overview
Development InfoStructure LLC., (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.