Senior Incident Responder

External
CACI · Suitland, MD
Contract · On-site · 1w ago
DNS · Documentation · Incident Response · Java · JavaScript · Network Security

About the role

CACI is seeking a skilled and experienced Incident Responder (Level 3) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will have a robust background in Computer Network Defense (CND), incident management, and cybersecurity operations. This role requires a proactive individual with significant experience in monitoring, investigating, and responding to cybersecurity alerts, as well as developing and implementing defense tactics, techniques, and procedures (TTPs).

Responsibilities

  • Incident Response: Monitor and investigate alerts from cybersecurity tools. Respond to and mitigate cybersecurity incidents and breaches following established incident management lifecycle processes.
  • Threat Analysis: Identify and classify attack vectors, analyze malware, and develop countermeasures. Utilize network traffic packet captures and analysis methodologies.
  • Tool Utilization: Operate Network Intrusion Detection/Prevention Systems (NIDPS) such as Cisco FirePower, Palo Alto NGFW, and host-based systems like Trellix ePO, Microsoft Defender, and Tanium. Manage Security Information and Event Management (SIEM) systems such as Splunk and Elastic.
  • Documentation and Reporting: Write detailed reports, create "best practices" manuals, and develop standard operating procedures. Document incident response activities and findings.
  • Penetration Testing: Conduct penetration testing and Red Teaming exercises using tools such as Kali, SamuraiWTF, NMap, Burp Suite, sqlmap, and Metasploit.
  • Scripting and Coding: Develop scripts and tools using languages such as Python, Perl, Ruby, JavaScript, PowerShell, and others as needed for incident response and automation.
  • Collaboration: Work closely with other cybersecurity teams, IT staff, and stakeholders to ensure a cohesive defense strategy. Provide briefings and presentations as required.
  • Continuous Improvement: Stay updated on the latest cybersecurity threats, trends, and technologies. Implement improvements to existing security posture and incident response processes.

Requirements

Required:

  • TS/SCI Security Clearance
  • BA/BS in Computer Science, Information Technology, Information Assurance, or a related field. Master's degree preferred. Alternatively, 15+ years of relevant professional experience in lieu of a degree.
  • Minimum of 10 years of concentrated experience in CND.
  • 5+ years of professional experience in monitoring and investigating cybersecurity alerts.
  • Significant experience with Federal, DoD, IC, and industry standards.
  • Strong interpersonal, organizational, time management, writing/documentation, and briefing skills.
  • Excellent analytical, conceptual, and problem-solving skills.
  • Proven ability to communicate effectively and develop/present presentations.
  • Experience in developing and implementing CND TTPs.
  • Knowledge of network security architecture, including topology, protocols, and components.
  • Familiarity with common adversary TTPs and enterprise services (domain controllers, print, email, DNS, web servers).
  • Experience with network traffic analysis tools like WireShark or NIKSUN.
  • Proficiency in scripting and coding languages (Python, Perl, Ruby, JavaScript, PowerShell, C, C++, Java, VisualBasic.Net, PHP, AJAX).

Certifications:

  • Must possess one of the industry certifications listed under CSSP Incident Responder per the requirements of the DoD Cyber Security Workforce Improvement Program, DoD 8570.01-M.

What You Can Expect:

  • A culture of integrity: At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
  • An environment of trust: CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
  • A focus on continuous growth: Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.

Pay Range:

Benefits

Flexible schedule

Additional Information

  • Job Title: Senior Incident Responder
  • Job Category: Information Technology
  • Time Type: Full time
  • Minimum Clearance Required to Start: TS/SCI
  • Employee Type: Regular
  • Percentage of Travel Required: Up to 10%
  • Type of Travel: Local

