Cybersecurity Incident Response Lead
Cherokee Federal
full-time
Posted on:
Location Type: Remote
Location: Virginia • United States
Visit company websiteExplore more
Job Level
Tech Stack
About the role
- Lead end-to-end incident response operations, ensuring rapid triage, containment, remediation, and recovery.
- Direct and mentor IR analysts; manage on-call rotations and surge response support.
- Develop, maintain, and standardize IR playbooks, procedures, and escalation workflows.
- Coordinate cross-functional incident bridges; provide timely executive and customer briefings, including daily IR status updates.
- Oversee digital forensics and evidence handling, ensuring chain of custody and investigative integrity.
- Drive proactive threat hunting aligned to current threat actor TTPs and integrate intelligence into detections and response plans.
- Partner with SOC leadership on detection engineering, alert tuning, and use-case development.
- Active participation in meetings, reviews agendas, coordinates with contractors and staff to ensure cooperation and task implementation, reviews and validates security artifacts to ensure that they are sufficient in preparing the customer to address known security operations and security engineering requirements.
- Provide daily incident response briefing to the customer.
- Support the security review of IT systems and architecture as well as Cybersecurity policy development on IT service use, access, refresh, and configuration control, etc.
- Conduct post-incident reviews documenting root cause, impact, corrective actions, and preventive controls.
- Track and report IR metrics (e.g., MTTD, MTTR, containment time, recurrence).
- Ensure compliance with regulatory and contractual requirements (FISMA, FedRAMP, DFARS/CMMC, as applicable).
- Coordinate third‑party engagements (forensics, breach counsel, PR) when needed.
- Lead tabletop exercises, readiness drills, phishing simulations, and after-action reporting.
- Conduct phishing exercises; Plan, using relevant, real-world examples (e.g., HR updates, IT alerts, new vendor invoices). Execute and monitor, track and analyze, and conduct after-action reports.
- Support security architecture reviews, cybersecurity policy development, and system risk assessments.
- Guide selection and optimization of IR technologies, including EDR/XDR, SIEM/SOAR, NDR, threat intelligence, and forensics tools.
- Performs other job-related duties as assigned
Requirements
- 7+ years of cybersecurity experience, including 4+ years in incident response or SOC leadership.
- Proven leadership of complex incidents (ransomware, BEC, data exfiltration, insider threats, supply chain compromise).
- Strong knowledge of IR frameworks, digital forensics, malware analysis fundamentals, and MITRE ATT&CK.
- Hands-on experience with EDR/XDR, SIEM/SOAR, and forensic tools.
- Excellent crisis communication and executive briefing skills.
- Experience operating in regulated environments and handling sensitive data.
- Certifications such as GCIH, GCIA, GCFA, GNFA, GDAT, CISSP, CCSP, or CEH preferred.
- Experience in federal, defense, critical infrastructure, or healthcare environments.
- Familiarity with NIST 800-61, NIST CSF, and CISA guidance preferred.
- Experience with automation and scripting (Python, PowerShell), threat hunting, or detection engineering preferred.
- Must pass pre-employment qualifications of Cherokee Federal.
Benefits
- Full time benefits include Medical
- Dental
- Vision
- 401K
- and other possible benefits as provided. Benefits are subject to change with or without notice.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
incident responsedigital forensicsmalware analysisthreat huntingdetection engineeringautomationscriptingMITRE ATT&CKIR frameworkssecurity architecture reviews
Soft skills
leadershipcrisis communicationexecutive briefingmentoringcoordinationcollaborationtask implementationreportingproblem-solvinganalytical thinking
Certifications
GCIHGCIAGCFAGNFAGDATCISSPCCSPCEH