TDI is seeking a Senior Incident Response Analyst to join our team in support of a mission-critical government program. As part of the Security Operations Center, you will help monitor, detect, investigate, and respond to cybersecurity threats affecting a large-scale enterprise environment while supporting coordinated incident response across multiple organizations.
- Lead and coordinate cyber incident response activities across the full Incident Response lifecycle, including investigation, containment, eradication, and recovery.
- Analyze security events, logs, network traffic, endpoint telemetry, and forensic artifacts to determine the scope, root cause, and impact of cyber incidents.
- Identify adversary tactics, techniques, and procedures (TTPs) and develop indicators of compromise (IOCs) to improve threat detection and response.
- Develop, maintain, and enhance Incident Response processes, playbooks, workflows, and standard operating procedures (SOPs).
- Configure, tune, and optimize security technologies, including SIEM, EDR, IDS/IPS, and related monitoring tools, to improve detection accuracy and reduce false positives.
- Create and maintain detection content, including correlation rules, use cases, signatures, alerts, and automation scripts to strengthen SOC monitoring capabilities.
- Document investigations, response activities, and findings within case management systems, producing clear incident reports and after-action documentation.
- Establish and track SOC performance metrics and key performance indicators (KPIs) to measure operational effectiveness and support continuous improvement.
- Ability to obtain Public Trust clearance and successfully complete the EOD process.
- Candidates must possess at least one of the following certifications: GIAC: GCIH, GCIA, GCFA, GCFE, GREM, or GPEN, CISSP, OSCP, OSCE, or OSWP.
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field and 12–15 years of relevant experience.
- Must have technical hands-on experience in the areas of incident detection and response, malware analysis, or computer forensics.
- Expertise with Windows and Linux operating systems, enterprise networking, common protocols, and security infrastructure (firewalls, proxies, VPNs, load balancers).
- Demonstrated experience investigating cyber incidents, performing root cause analysis, identifying attacker TTPs, and leveraging frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
- Proficiency in Python, PowerShell, Bash, or similar scripting languages to support security automation and incident response.
- Experience in cyber government, and/or federal law enforcement FISMA systems.
Skills Required
- Ability to obtain Public Trust clearance and complete the EOD process.
- Possess at least one certification: GCIH, GCIA, GCFA, GCFE, GREM, GPEN, CISSP, OSCP, OSCE, or OSWP.
- Bachelor's degree in Computer Science, Engineering, IT, Cybersecurity, or related field plus 12-15 years relevant experience.
- Hands-on experience in incident detection and response, malware analysis, or computer forensics.
- Expertise with Windows and Linux operating systems and enterprise networking/protocols.
- Experience with security infrastructure: firewalls, proxies, VPNs, load balancers.
- Experience investigating cyber incidents, root cause analysis, identifying attacker TTPs, and using MITRE ATT&CK and Cyber Kill Chain frameworks.
- Proficiency in scripting for security automation and IR: Python, PowerShell, Bash or similar.
- Experience configuring, tuning, and optimizing SIEM, EDR, IDS/IPS, and monitoring tools.
- Experience in cyber government and/or federal law enforcement FISMA systems.
What We Do
For over 20 years, TDI’s one and only passion has been delivering cybersecurity solutions to effectively manage the business of cyber. At the global vanguard of innovation, we created Cybersecurity Performance Management (CPM) and the industry-leading CPM platform, CnSight®. Combining CnSight® with our remarkable historical experience and our exceptional capabilities of cyber operations and compliance, we offer Managed Cybersecurity Performance, a first of its kind managed CPM offering. TDI’s CPM solutions mitigate risk, reduce ransomware, provide continuous compliance, improve cyber-ROI, and provide comprehensive instantaneous visibility into how an organization is performing against its cyber strategy, particularly for Boards of Directors. CnSight® is the industry-leading Cybersecurity Performance Management (CPM) platform which mitigates risk, reduces ransomware, provides continuous compliance, improves cyber-ROI, and provides comprehensive instantaneous visibility into how an organization is performing against its cyber strategy, so executives and Boards may effectively manage the business of cybersecurity– the result: reduced stress, better performance, less cost, and a true understanding of cyber investment. With CnSight® at its core, TDI’s Managed Cybersecurity Performance offering ensures strategic cyber goals are met to protect an organization’s investments, assets and reputation by reducing the risk of ransomware, lowering cyber insurance premiums, improving ROI, reducing legal and fiduciary liability, delivering actionable reporting to the Board and C-Suite, providing on-call advice, ensuring continuous compliance and providing subject matter expertise on the organization’s behalf in meeting with the C-Suite and the Board, dealing with auditors, and supporting budget decisions – the result: reduced stress, better performance, less cost, and a true understanding of cyber investment.








