Job Description
Incident Response Analyst (Task 4 – Federal Cybersecurity Contract) Location: Remote with occasional on-site (Washington, D.C. Metro Area) Employment Type: Full-Time Clearance: Public Trust (or eligibility to obtain) We are seeking an experienced Incident Response Analyst to support Task 4 – Incident Response Management on a federal cybersecurity services contract. This role provides front-line security event triage, investigation, reporting, and coordination across multiple federal cybersecurity teams. The ideal candidate has hands-on experience with enterprise IR tooling- CrowdStrike , FireEye (Trellix) , Splunk , NetWitness , and Magnet AXIOM -and is comfortable working in a high-tempo operational environment aligned with federal cybersecurity frameworks (NIST, FISMA, OMB). Key Responsibilities Perform initial triage of security events from SIEM, EDR, NDR, and log sources, including CrowdStrike , FireEye/Trellix , Splunk , NetWitness , and related platforms. Conduct incident investigations , including host and network forensics, log analysis, and evidence review using tools such as NetWitness and AXIOM . Coordinate closely with HHS CSIRC, OpDiv incident response teams, system owners, and security engineering staff to validate findings and recommend containment actions. Provide daily updates , SITREPs, and written documentation of incident status, investigative steps, and remediation recommendations. Develop incident dashboards and knowledge base documentation within Splunk and other IR platforms. Support containme