NIH - INCIDENT RESPONSE LEAD
cfocussoftware
Full-timelead
Job description
cFocus Software seeks a Incident Response Lead to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
• Public Trust Clearance
• B.S. Computer Science, Information Technology, or a related field
• 7+ years leading enterprise incident response activities.
• Experience supporting federal cybersecurity programs and Security Operations Centers.
• Experience coordinating enterprise cyber investigations involving cloud and hybrid environments.
• Experience implementing NIST incident response methodologies.
• Active GCIH, GCFA, GNFA, CISSP, CEH, CySA+, Security+, CISM, or CCSP
Duties:
• Lead enterprise cybersecurity incident response operations across NIH information systems.
• Direct technical response activities throughout the incident response lifecycle including preparation, identification, containment, eradication, recovery, and post-incident activities.
• Coordinate response efforts for high-impact cybersecurity incidents affecting enterprise infrastructure, cloud services, applications, and data.
• Serve as the primary technical advisor during cybersecurity incidents and major security events.
• Manage incident prioritization, escalation, resource coordination, and operational communications.
• Ensure incident response activities comply with NIH policies, HHS guidance, NIST standards, and federal cybersecurity requirements.
• Lead technical investigations involving malware infections, unauthorized access, insider threats, ransomware, phishing campaigns, data exfiltration, and advanced persistent threats (APTs).
• Coordinate root cause analysis and determine attack vectors, affected assets, and operational impact.
• Analyze indicators of compromise (IOCs), indicators of attack (IOAs), adversary tactics, techniques, and procedures (TTPs), and attack patterns.
• Coordinate evidence collection and preservation activities supporting investigations.
• Validate containment strategies and recovery actions.
• Ensure accurate documentation of incident timelines, findings, corrective actions, and lessons learned.
• Coordinate with Security Operations Center analysts during incident detection and response activities.
• Oversee incident triage, escalation procedures, and operational communications.
• Direct coordination between cybersecurity engineers, cloud engineers, infrastructure teams, system owners, ISSOs, and application administrators.
• Support continuous monitoring and operational readiness activities.
• Develop executive incident reports, after-action reports, technical findings, and corrective action recommendations.
• Prepare briefings for Government leadership regarding significant cybersecurity events.
• Maintain incident response metrics, trends, dashboards, and performance reporting.
• Ensure timely reporting in accordance with federal cybersecurity reporting requirements.