Cyber Incident Response Lead - TS Cleared

Reposted 12 Days Ago
Arlington, VA
In-Office
Expert/Leader
Artificial Intelligence • Cloud • Information Technology • Security • Software
The Role
The Cyber Incident Response Lead analyzes active incidents, provides strategic guidance for mitigation, and collaborates with various stakeholders to enhance cyber defense capabilities.
Summary Generated by Built In
Job Summary & Responsibilities

ECS is seeking a Cyber Incident Response Lead to work in a HYBRID setting out of our Arlington, VA office.  

ECS is seeking talented professionals to join our growing team in supporting the Joint Cyber Defense Collaborative (JCDC), CISA’s premier initiative for whole-of-nation cyber defense. JCDC brings together federal agencies, private sector leaders, and international partners to analyze emerging threats, share actionable intelligence, and coordinate strategic responses to protect critical infrastructure. 

Our team plays a vital role in enabling real-time collaboration, threat detection, and mitigation across sectors. We help shape the strategies and workflows that turn raw intelligence into decisive action—whether responding to active campaigns, developing joint defense plans, or strengthening national cyber resilience. We’re looking for driven professionals who thrive in a fast-paced, mission-focused environment where critical thinking, cyber expertise, and collaborative instincts are essential. A passion for cybersecurity, continuous learning, and public service is vital. 

We are looking for a Lead Cyber Incident Analyst for a team that provides deep technical analysis during active cyber incidents, including insights into vulnerabilities, adversarial tactics, and mitigation strategies across diverse environments like IT, OT/ICS, cloud, and AI systems.  This position will interface extensively with multiple organizations within CISA including Vulnerability Management (VM) and Threat Hunt (TH) to provide guidance and analysis on active cyber threats for JCDC partners. This position will define critical data sources for collection, inform processes, write detection rules, and analyze active and emerging cyber threats and incidents from across Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI) and State, Local, Tribal and Territorial (SLTT). 

The Lead Cyber Incident Analyst works closely with many stakeholders, including DHS CISA TH and VM, Agency security analysts / user groups, and the ECS team to ensure alignment between solution development and the needs of stakeholders. The Analyst will perform research and provide solutions for specific IOCs and IOAs. The Analyst will aid in defining tools, processes, and procedures for advancing Threat Hunting and Incident Response capabilities within CISA, FCEB, CI and SLTT. The Lead Cyber Incident Analyst is required to present solutions to a variety of audiences, from users to senior government leaders. The ideal candidate works effectively both independently and as a member of one or more Agile teams to determine how to optimally satisfy customer requirements.

Responsibilities: 

  • Create and guide the strategic direction for the team's work, ensuring all activities directly support the client’s mission and are aligned with broader goals 
  • Perform analysis on active cyber incidents, events and vulnerabilities to provide guidance and targeted recommendations for mitigation 
  • Create written guidance and recommendations to assist JCDC partners with solutions for active and ongoing cyber vulnerabilities 
  • Through hands-on analysis, provide insights into vulnerabilities, adversarial tactics, and mitigation strategies across diverse environments like IT, OT/ICS, cloud, and AI systems
  • Act as the Lead for the ECS Cyber Threat and Incident Response team in collaboration with Cyber Product Owner, Cyber Engagement Coordinator, and a Performance Monitoring team to meet JCDC requirements 
  • Oversee the translation of strategic products into clear, practical formats that are tailored to the specific needs and operational constraints of different stakeholder groups, including large and small jurisdictions and critical infrastructure (CI) partners 
  • Provide tailored vulnerability mitigation recommendations and contextualized examples to stakeholders to address implementation challenges and encourage rapid adoption 
Preferred Qualifications
  • Possess a TS security clearance and be SCI eligible at time of proposal submission 
  • Proven experience in a leadership role, managing technical or strategic teams  
  • 10+ Years of previous experience in a threat intelligence, cyber security, incident response, or similar role 
  • Proven understanding of computer and network fundamentals. 
  • Strong understanding of computer architecture, operating systems, vulnerabilities, encryption, or other areas of expertise. 
  • Proven experience defining data sources and writing detection rules for discovering malicious behavior 
  • Ability to perform in-depth research tasks and produce written summaries to include insights and predictions based on an analytical process. 
  • Excellent written and oral communication skills 
  • Understand current cyber threats/exploits, attack methodology, and detection techniques using a wide variety of security products including COTS and open source 
  • Familiarity with MITRE ATT&CK and/or similar frameworks 
  • Familiarity with AI/ML concepts and applications 

Top Skills

AI Systems
Cloud
Cybersecurity
IT
OT/ICS

The Company
HQ: Fairfax, VA
2,129 Employees
Year Founded: 1993

What We Do

ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries.

ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies.

Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.
