CBO Tier 3 Incident Responder

CFocus Softwareorporated

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Tier 3 Incident Responder to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.

Qualifications:

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
58 years of experience in cybersecurity incident response or digital forensics
Hands-on experience with Microsoft Sentinel Defender XDR and SIEM tools
Strong knowledge of incident handling frameworks (NIST SP 800-61)
Experience with forensic tools (e.g. EnCase FTK Volatility Velociraptor)
Proficiency in log analysis threat detection and correlation across multiple data sources
Experience with cloud environments (AWS Azure) and enterprise networks
Strong understanding of MITRE ATT&CK framework
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Lead complex incident investigations across enterprise environments (cloud endpoint network identity)
Perform full lifecycle incident response: detection triage containment eradication and recovery
Conduct digital forensics including evidence acquisition preservation and analysis
Perform malware analysis (static and dynamic techniques)
Provide root cause analysis (RCA) and post-incident reporting with remediation recommendations
Support ransomware response and provide advisory guidance consistent with federal policy
Execute advanced threat hunting across SIEM (Microsoft Sentinel) and XDR platforms
Coordinate with SOC analysts (Tier 1 & 2) engineers and stakeholders during incidents
Develop and improve incident response playbooks and procedures
Ensure chain-of-custody and evidence integrity for all forensic investigations
Support compliance with NIST SP 800-61 and federal incident handling requirements

Required Experience:

Senior IC

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
58 years of experience in cybersecurity incident response or digital forensics
Hands-on experience with Microsoft Sentinel Defender XDR and SIEM tools
Strong knowledge of incident handling frameworks (NIST SP 800-61)
Experience with forensic tools (e.g. EnCase FTK Volatility Velociraptor)
Proficiency in log analysis threat detection and correlation across multiple data sources
Experience with cloud environments (AWS Azure) and enterprise networks
Strong understanding of MITRE ATT&CK framework
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Lead complex incident investigations across enterprise environments (cloud endpoint network identity)
Perform full lifecycle incident response: detection triage containment eradication and recovery
Conduct digital forensics including evidence acquisition preservation and analysis
Perform malware analysis (static and dynamic techniques)
Provide root cause analysis (RCA) and post-incident reporting with remediation recommendations
Support ransomware response and provide advisory guidance consistent with federal policy
Execute advanced threat hunting across SIEM (Microsoft Sentinel) and XDR platforms
Coordinate with SOC analysts (Tier 1 & 2) engineers and stakeholders during incidents
Develop and improve incident response playbooks and procedures
Ensure chain-of-custody and evidence integrity for all forensic investigations
Support compliance with NIST SP 800-61 and federal incident handling requirements