NIH - Incident Response Lead

Posted 7 Days Ago
Be an Early Applicant
Bethesda, MD, USA
In-Office
Senior level
Software
The Role
Lead and coordinate enterprise incident response for NIH across cloud, hybrid, and on-prem systems. Direct full incident lifecycle activities, oversee technical investigations, evidence preservation, containment/recovery, SOC coordination, reporting, and compliance with NIST, HHS, and federal cybersecurity requirements.
Summary Generated by Built In
cFocus Software seeks a Incident Response Lead to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 7+ years leading enterprise incident response activities.
  • Experience supporting federal cybersecurity programs and Security Operations Centers.
  • Experience coordinating enterprise cyber investigations involving cloud and hybrid environments.
  • Experience implementing NIST incident response methodologies.
  • Active GCIH, GCFA, GNFA, CISSP, CEH, CySA+, Security+, CISM, or CCSP

Duties:
  • Lead enterprise cybersecurity incident response operations across NIH information systems.
  • Direct technical response activities throughout the incident response lifecycle including preparation, identification, containment, eradication, recovery, and post-incident activities.
  • Coordinate response efforts for high-impact cybersecurity incidents affecting enterprise infrastructure, cloud services, applications, and data.
  • Serve as the primary technical advisor during cybersecurity incidents and major security events.
  • Manage incident prioritization, escalation, resource coordination, and operational communications.
  • Ensure incident response activities comply with NIH policies, HHS guidance, NIST standards, and federal cybersecurity requirements.
  • Lead technical investigations involving malware infections, unauthorized access, insider threats, ransomware, phishing campaigns, data exfiltration, and advanced persistent threats (APTs).
  • Coordinate root cause analysis and determine attack vectors, affected assets, and operational impact.
  • Analyze indicators of compromise (IOCs), indicators of attack (IOAs), adversary tactics, techniques, and procedures (TTPs), and attack patterns.
  • Coordinate evidence collection and preservation activities supporting investigations.
  • Validate containment strategies and recovery actions.
  • Ensure accurate documentation of incident timelines, findings, corrective actions, and lessons learned.
  • Coordinate with Security Operations Center analysts during incident detection and response activities.
  • Oversee incident triage, escalation procedures, and operational communications.
  • Direct coordination between cybersecurity engineers, cloud engineers, infrastructure teams, system owners, ISSOs, and application administrators.
  • Support continuous monitoring and operational readiness activities.
  • Develop executive incident reports, after-action reports, technical findings, and corrective action recommendations.
  • Prepare briefings for Government leadership regarding significant cybersecurity events.
  • Maintain incident response metrics, trends, dashboards, and performance reporting.
  • Ensure timely reporting in accordance with federal cybersecurity reporting requirements.

Skills Required

  • Public Trust clearance (or ability to obtain)
  • B.S. in Computer Science, Information Technology, or related field
  • 7+ years leading enterprise incident response activities
  • Experience supporting federal cybersecurity programs and Security Operations Centers
  • Experience coordinating enterprise cyber investigations in cloud and hybrid environments
  • Experience implementing NIST incident response methodologies
  • Active certification: GCIH, GCFA, GNFA, CISSP, CEH, CySA+, Security+, CISM, or CCSP
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Largo, MD
25 Employees
Year Founded: 2006

What We Do

Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!

Similar Jobs

General Motors Logo General Motors

Sales Manager

Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
Remote or Hybrid
United States
165000 Employees

DFIN Logo DFIN

Automation Engineer

Fintech • Software
Remote or Hybrid
United States
1750 Employees

Granted Logo Granted

Back-end Engineer

Artificial Intelligence • Healthtech • Insurance • Mobile • Financial Services
In-Office or Remote
2 Locations
23 Employees
150K-225K Annually

New York Life Insurance Company Logo New York Life Insurance Company

Development Manager

Artificial Intelligence • Cloud • Fintech • Information Technology • Insurance • Financial Services • Big Data Analytics
In-Office
Timonium, MD, USA
12000 Employees
60K-85K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account