Incident Response Analyst

Incident Response Analyst - Eligibility for TS/SCI Clearance

Location: Arlington, VA

About the Opportunity

A leading provider of advanced cybersecurity research, software solutions, and engineering services is seeking an experienced Incident Response Analyst. This role supports high-impact cybersecurity operations across critical infrastructure environments, combining incident response, threat hunting, and technical analysis.

Role Overview

The Incident Response Analyst will support cybersecurity incidents within ICS, OT, and IT environments, working with a multidisciplinary team to protect critical infrastructure sectors such as water, power, and transportation. This role requires strong technical acumen, exceptional analytical skills, and the ability to operate in sensitive and mission-driven environments.

Key Responsibilities

Respond to cybersecurity incidents affecting ICS/OT/IT environments and provide recommendations to prevent recurrence

Apply traditional and advanced incident response tradecraft to critical infrastructure networks

Conduct in-depth technical operations and forensic analysis

Contribute sector expertise across utilities and transportation environments

Collaborate in a team setting to support mission requirements for incident response and threat hunting

Maintain accurate documentation of all findings and actions

Prepare and present incident reports for management and stakeholders

Stay current with cybersecurity trends, threat activity, and evolving tools

Required Qualifications

Bachelor's degree with 8+ years of related experience, Master's with 6+ years, or PhD with 3+ years;

OR 12 years of technical experience in lieu of a degree

1–2 years of Threat Hunting or DFIR experience supporting Critical Infrastructure (CI) or Industrial Control Systems (ICS)

Scripting experience in Python, Bash, PowerShell, and/or JavaScript

Experience analyzing malicious applications across Linux, macOS, Windows, iOS, Android, and IoT devices

Experience conducting security site assessments and scoping activities

Hands-on experience with tools such as Ida-Pro, Ollydbg, X64dbg, Scylla, Objdump, Readelf, Ghidra, Process Explorer, CFF Explorer, Wireshark, Fiddler, Regshot, Process Monitor, and Process Hacker

Familiarity with open source and commercial tools for event analysis and security operations

Experience using SIEM platforms for pattern identification, anomaly detection, and trend analysis

Experience analyzing industrial control system protocols (e.g., ModBus, ENIP/CIP, BACnet, DNP3)

Ability to obtain and maintain a DHS background investigation (EOD)