Incident Response Team Lead

Tyto Athene is searching for a forward-thinking and self-motivated Incident Response Team Lead to support a law enforcement customer in Washington, DC. This exciting role requires an appetite for learning, superior attention to detail, the ability to meet tight deadlines, great organizational skills, and the ability to work in a highly collaborative work environment. The successful candidate will possess the ability to complete complex tasks and projects quickly with little to no guidance, react with appropriate urgency to situations that require a quick turnaround, and provide the appropriate attention and support to overcome technical obstacles.

Responsibilities:

• Utilize state-of-the-art technologies such as host forensics tools (FTK/Encase), Endpoint Detection & Response tools, log analysis (Splunk), and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response
• Recognize attacker and APT activity, tactics, and techniques that can be used to improve monitoring, analysis, and incident response
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
• Lead Incident Response activities and mentor junior staff
• Work with key stakeholders to implement remediation plans in response to incidents
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership
• Author Standard Operating Procedures (SOPs) and training documentation when needed
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

Required:

• Minimum five (5) years of progressive experience in cybersecurity, information security, security engineering, network engineering, incident response, systems architecture, or data management with a cybersecurity focus.
• Bachelor’s degree in Computer Engineering, Computer Science, Information Technology, or Cybersecurity
• (or eight (8) years of relevant work experience in lieu of degree).
• Required Certification:
• Certified Information Systems Security Professional (CISSP)
• Proficient experience with:
• Security Information and Event Management (SIEM) systems
• Endpoint Detection & Response (EDR) tools
• Intrusion Detection & Prevention Systems (IDS/IPS)
• Digital forensic and case management platforms
• Proven experience leading cyber incident response efforts and coordinating with technical and non-technical stakeholders.

Desired:

• Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred
• Desirable certifications include, but not limited to:
• GCIH, GCIA, GCFE, GREM, GCFA, GSEC
• Security
• CEH, CISSP, CCNA (Security) or equivalent Certifications.
• CySA

Location:

• Ashburn, VA

Clearance:

• TS/SCI Clearance required