NIH Incident Response Lead
Job Location:
Bethesda, MD - USA
Monthly Salary:
Not Disclosed
Posted on:
3 days ago
Vacancies:
1 Vacancy
Job Summary
cFocus Software seeks a Incident Response Lead to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science Information Technology or a related field
- 7 years leading enterprise incident response activities.
- Experience supporting federal cybersecurity programs and Security Operations Centers.
- Experience coordinating enterprise cyber investigations involving cloud and hybrid environments.
- Experience implementing NIST incident response methodologies.
- Active GCIH GCFA GNFA CISSP CEH CySA Security CISM or CCSP
Duties:
- Lead enterprise cybersecurity incident response operations across NIH information systems.
- Direct technical response activities throughout the incident response lifecycle including preparation identification containment eradication recovery and post-incident activities.
- Coordinate response efforts for high-impact cybersecurity incidents affecting enterprise infrastructure cloud services applications and data.
- Serve as the primary technical advisor during cybersecurity incidents and major security events.
- Manage incident prioritization escalation resource coordination and operational communications.
- Ensure incident response activities comply with NIH policies HHS guidance NIST standards and federal cybersecurity requirements.
- Lead technical investigations involving malware infections unauthorized access insider threats ransomware phishing campaigns data exfiltration and advanced persistent threats (APTs).
- Coordinate root cause analysis and determine attack vectors affected assets and operational impact.
- Analyze indicators of compromise (IOCs) indicators of attack (IOAs) adversary tactics techniques and procedures (TTPs) and attack patterns.
- Coordinate evidence collection and preservation activities supporting investigations.
- Validate containment strategies and recovery actions.
- Ensure accurate documentation of incident timelines findings corrective actions and lessons learned.
- Coordinate with Security Operations Center analysts during incident detection and response activities.
- Oversee incident triage escalation procedures and operational communications.
- Direct coordination between cybersecurity engineers cloud engineers infrastructure teams system owners ISSOs and application administrators.
- Support continuous monitoring and operational readiness activities.
- Develop executive incident reports after-action reports technical findings and corrective action recommendations.
- Prepare briefings for Government leadership regarding significant cybersecurity events.
- Maintain incident response metrics trends dashboards and performance reporting.
- Ensure timely reporting in accordance with federal cybersecurity reporting requirements.
Required Experience:
Senior IC
About Company
Our exclusive ATO as a Service⢠software & expert services automate FISMA RMF & FedRAMP compliance.