Senior Cyber Defense Analyst, Incident Responder

Amentum

Senior Cyber Defense Analyst managing cybersecurity for Missile Defense Agency's Cyber Defense program. Leading incident response, operations, investigations, and training for junior analysts.

Posted 6/13/2026full-timeColorado Springs • Alabama, Colorado • 🇺🇸 United StatesSenior💰 $145,000 - $152,000 per yearWebsite

Tech Stack

Tools & technologies

Cyber SecurityFirewallsLinuxPython

About the role

Key responsibilities & impact

Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst.
Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM).
Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.
Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B.
Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting.
Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody.
Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture.
Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior and Mid Cyber Defense Analyst and Cyber Defense Incident Responders.
Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation.
Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/signatures to detect known attack patterns and make recommendations for improvements.
Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets.
Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment.
Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs.
Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines.
Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations.

Requirements

What you’ll need

Must have 6, or more, years of combined experience performing the full life-cycle of incident response and enterprise-level monitoring and analysis of events
Must have 2, or more, years of experience in management or leadership in a team environment
Must possess one of the following certifications: CBROPS, CFR, CySA+, GCFA, GCIA, GICSP
Must have an active DoW Top Secret with SCI Eligibility
Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field
Possess one or more of the following advanced cybersecurity certifications: Offensive Security: OSCP, PNPT, GPEN | Forensics/Incident Response: GCFA, GCFE, GCIH, EC-Council Certified Hacking Forensic Investigator (CHFI)| Threat Hunting/Analysis: GIAC Certified Cyber Threat Intelligence (GCTI)
Have an active DoD Top Secret clearance
Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux)
Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc.
Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred)
Have experience analyzing network and host-based threats (ESS preferred)
Be able to mentor and train personnel in an evolving, high-paced environment
Be familiar with DoD Security Operations Centers (SOC)
Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures
Have demonstrable experience in offensive security operations, such as penetration testing, red teaming, or exploit development
Have experience with advanced digital forensics, including host-based and memory analysis
Be proficient in scripting and data analysis with languages such as Python, PowerShell, Bash, or KQL to automate tasks and parse large datasets
Be familiar with the intelligence cycle and its application to cybersecurity operations
Have experience with hunt-centric security platforms, including industry-standard Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) tools
Be familiar with the application of Artificial Intelligence (AI) and Large Language Models (LLMs) in cybersecurity, including the ability to leverage AI-driven security tools and critically assess their output

Benefits

Comp & perks

Health, dental, and vision insurance
Paid time off and holidays
Retirement benefits (including 401(k) matching)
Educational reimbursement
Parental leave
Employee stock purchase plan
Tax-saving options
Disability and life insurance
Pet insurance

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

incident responsecybersecurity monitoringdefensive cyber operationssecurity analysispenetration testingdigital forensicsscriptingdata analysisthreat huntingvulnerability assessment

Soft Skills

leadershipmentoringtrainingcommunicationteam collaborationproblem-solvingdocumentationanalysisreportingorganizational skills

Certifications

CBROPSCFRCySA+GCFAGCIAGICSPOSCPPNPTGPENCHFI