Overview
ITDC is seeking an Incident Response Analyst Level II to execute the incident response lifecycle defined in NIST SP 800-61 (detection and analysis; containment, eradication, and recovery; post-incident activity) for a federal cybersecurity program.
Responsibilities
- Triage SIEM alerts, EDR detections, and analyst escalations.
- Lead or co-lead containment, forensic collection, and recovery actions.
- Author incident reports, chain-of-custody logs, and lessons-learned.
- Coordinate with SOC, ISSO, system owners, and BOP/DOJ-directed reporting channels.
Required Qualifications
- 5+ years of cyber incident response experience.
- Hands-on EDR (Defender, CrowdStrike, Carbon Black) and SIEM (Splunk, Sentinel) experience.
- Familiarity with NIST SP 800-61 (incident handling) and SP 800-86 (forensic techniques, evidence handling, and chain of custody); hands-on experience with Volatility, KAPE, and Velociraptor.
- Bachelor's degree; GCIH, GCFA, CSIH, or Security+ preferred.
Desired Qualifications
- Federal IR experience with US-CERT / CISA reporting.
- PII breach response and BOP/DOJ Breach Response Team coordination.
- Threat hunting and IOC development experience.
Job Ref 2026-0503-12