Senior Incident Response Analyst

Posted 4 Days Ago
Be an Early Applicant
Arlington, VA, USA
In-Office
Senior level
Computer Vision • Cybersecurity
The Role
Lead and coordinate full lifecycle incident response for a large enterprise, analyze logs, network traffic, endpoint telemetry and forensic artifacts, develop IOCs, tune security tooling, create detection content and playbooks, document investigations, and track SOC KPIs to improve detection and response.
Summary Generated by Built In
Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!
TDI is seeking a Senior Incident Response Analyst to join our team in support of a mission-critical government program. As part of the Security Operations Center, you will help monitor, detect, investigate, and respond to cybersecurity threats affecting a large-scale enterprise environment while supporting coordinated incident response across multiple organizations.
 
This position is hybrid with commute to the Arlington, VA area. 
 
RESPONSIBILITIES: 
  • Lead and coordinate cyber incident response activities across the full Incident Response lifecycle, including investigation, containment, eradication, and recovery.
  • Analyze security events, logs, network traffic, endpoint telemetry, and forensic artifacts to determine the scope, root cause, and impact of cyber incidents.
  • Identify adversary tactics, techniques, and procedures (TTPs) and develop indicators of compromise (IOCs) to improve threat detection and response.
  • Develop, maintain, and enhance Incident Response processes, playbooks, workflows, and standard operating procedures (SOPs).
  • Configure, tune, and optimize security technologies, including SIEM, EDR, IDS/IPS, and related monitoring tools, to improve detection accuracy and reduce false positives.
  • Create and maintain detection content, including correlation rules, use cases, signatures, alerts, and automation scripts to strengthen SOC monitoring capabilities.
  • Document investigations, response activities, and findings within case management systems, producing clear incident reports and after-action documentation.
  • Establish and track SOC performance metrics and key performance indicators (KPIs) to measure operational effectiveness and support continuous improvement.
QUALIFICATIONS:
  • Ability to obtain Public Trust clearance and successfully complete the EOD process.
  • Candidates must possess at least one of the following certifications: GIAC: GCIH, GCIA, GCFA, GCFE, GREM, or GPEN, CISSP, OSCP, OSCE, or OSWP.
  • Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field and 12–15 years of relevant experience.
  • Must have technical hands-on experience in the areas of incident detection and response, malware analysis, or computer forensics.
  • Expertise with Windows and Linux operating systems, enterprise networking, common protocols, and security infrastructure (firewalls, proxies, VPNs, load balancers).
  • Demonstrated experience investigating cyber incidents, performing root cause analysis, identifying attacker TTPs, and leveraging frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
  • Proficiency in Python, PowerShell, Bash, or similar scripting languages to support security automation and incident response.
PREFERRED QUALIFICATIONS:
  • Experience in cyber government, and/or federal law enforcement FISMA systems.

Skills Required

  • Ability to obtain Public Trust clearance and complete the EOD process.
  • Possess at least one certification: GCIH, GCIA, GCFA, GCFE, GREM, GPEN, CISSP, OSCP, OSCE, or OSWP.
  • Bachelor's degree in Computer Science, Engineering, IT, Cybersecurity, or related field plus 12-15 years relevant experience.
  • Hands-on experience in incident detection and response, malware analysis, or computer forensics.
  • Expertise with Windows and Linux operating systems and enterprise networking/protocols.
  • Experience with security infrastructure: firewalls, proxies, VPNs, load balancers.
  • Experience investigating cyber incidents, root cause analysis, identifying attacker TTPs, and using MITRE ATT&CK and Cyber Kill Chain frameworks.
  • Proficiency in scripting for security automation and IR: Python, PowerShell, Bash or similar.
  • Experience configuring, tuning, and optimizing SIEM, EDR, IDS/IPS, and monitoring tools.
  • Experience in cyber government and/or federal law enforcement FISMA systems.
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Washington, DC
50 Employees
Year Founded: 2001

What We Do

For over 20 years, TDI’s one and only passion has been delivering cybersecurity solutions to effectively manage the business of cyber. At the global vanguard of innovation, we created Cybersecurity Performance Management (CPM) and the industry-leading CPM platform, CnSight®. Combining CnSight® with our remarkable historical experience and our exceptional capabilities of cyber operations and compliance, we offer Managed Cybersecurity Performance, a first of its kind managed CPM offering. TDI’s CPM solutions mitigate risk, reduce ransomware, provide continuous compliance, improve cyber-ROI, and provide comprehensive instantaneous visibility into how an organization is performing against its cyber strategy, particularly for Boards of Directors. CnSight® is the industry-leading Cybersecurity Performance Management (CPM) platform which mitigates risk, reduces ransomware, provides continuous compliance, improves cyber-ROI, and provides comprehensive instantaneous visibility into how an organization is performing against its cyber strategy, so executives and Boards may effectively manage the business of cybersecurity– the result: reduced stress, better performance, less cost, and a true understanding of cyber investment. With CnSight® at its core, TDI’s Managed Cybersecurity Performance offering ensures strategic cyber goals are met to protect an organization’s investments, assets and reputation by reducing the risk of ransomware, lowering cyber insurance premiums, improving ROI, reducing legal and fiduciary liability, delivering actionable reporting to the Board and C-Suite, providing on-call advice, ensuring continuous compliance and providing subject matter expertise on the organization’s behalf in meeting with the C-Suite and the Board, dealing with auditors, and supporting budget decisions – the result: reduced stress, better performance, less cost, and a true understanding of cyber investment.

Similar Jobs

Sentar Inc. Logo Sentar Inc.

Tier 3 Incident Response Senior Analyst

Information Technology • Analytics • Cybersecurity • Defense
In-Office
Quantico, VA, USA

Leidos Logo Leidos

Senior Incident Response Analyst

Information Technology • Software
In-Office
Arlington, VA, USA
27104 Employees
131K-237K Annually

Leidos Logo Leidos

Senior Incident Response Analyst

Information Technology • Software
In-Office
Arlington, VA, USA
27104 Employees
131K-237K Annually

At-Bay Logo At-Bay

Sr. Cyber Analyst, Digital Forensics Incident Response

Information Technology • Insurance • Professional Services • Software • Cybersecurity
Remote or Hybrid
US
230 Employees
130K-150K Annually

Similar Companies Hiring

SEON Thumbnail
Artificial Intelligence • Cybersecurity
Budapest, Budapest
415 Employees
HERE Technologies Thumbnail
Artificial Intelligence • Automotive • Computer Vision • Information Technology • Internet of Things • Logistics • Software
Amsterdam, NL
6000 Employees
Blissway Thumbnail
Computer Vision • Fintech • Hardware • Internet of Things • Machine Learning • Software • Transportation
Denver, CO
24 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account