Apply
Incident Response Analyst (SME)
Pope, NC
Apply
Job Type
Full-time
Description

We are seeking a Subject Matter Expert (SME) Incident Response Analyst to support a Department of Defense cybersecurity operations program located at Pope Army Airfield, North Carolina. This role provides strategic leadership and technical authority for cybersecurity incident response operations supporting C2ISR Transport Infrastructure and National Security Systems (NSS).


The SME will lead the design, development, and operational execution of advanced cyber incident response capabilities, ensuring mission resilience against sophisticated cyber threats including Advanced Persistent Threats (APTs). This position directly supports national security operations by shaping cybersecurity strategy, incident response architecture, and advanced threat detection capabilities.


Responsibilities

  • Lead and oversee cybersecurity incident response operations across C2ISR transport infrastructure.
  • Direct the design and implementation of advanced incident response methodologies and threat detection strategies.
  • Provide expert guidance on the full incident response lifecycle including detection, analysis, containment, eradication, recovery, and post-incident review.
  • Support defense against Advanced Persistent Threats (APTs) and other sophisticated cyber threats.
  • Develop and implement cyber defense strategies aligned with DoD cybersecurity requirements.
  • Provide technical leadership and oversight to incident response teams and cyber analysts.
  • Engage with senior leadership and mission stakeholders to guide cybersecurity strategy and resource allocation.
  • Ensure cybersecurity operations remain compliant with DoD RMF and applicable security frameworks.
Requirements

 Required Qualifications

  • Active TS/SCI clearance 
  • Experience supporting DoD cybersecurity or National Security Systems 
  • Advanced knowledge of: 
    • Cyber incident response 
    • Threat intelligence and threat hunting 
    • Digital forensics 
    • Security monitoring and analysis 
  • Experience with SIEM, EDR, IDS/IPS, and vulnerability management tools

Technologies & Tools


Experience with one or more of the following:


SIEM & Security Monitoring

  • Splunk 
  • Microsoft Sentinel 

Endpoint & Network Security

  • Microsoft Defender for Endpoint 
  • Trellix 
  • SentinelOne 
  • Snort, Suricata, Zeek 

Threat Intelligence & Vulnerability Tools

  • MISP 
  • ThreatConnect 
  • Nessus 
  • Qualys 
  • OpenVAS 

Incident Management & Automation

  • ServiceNow 
  • Jira Service Desk 
  • SOAR platforms (Cortex XSOAR, Splunk      Phantom)

Certifications

Candidates must meet DoD 8140 requirements and obtain a DoD-approved IA baseline certification for ADP-III / IT-III within six months of assignment


Apply
View All Jobs