Incident Response Analyst (SME)

Description:

We are seeking a Subject Matter Expert (SME) Incident Response Analyst to support a Department of Defense cybersecurity operations program located at Pope Army Airfield, North Carolina. This role provides strategic leadership and technical authority for cybersecurity incident response operations supporting C2ISR Transport Infrastructure and National Security Systems (NSS). The SME will lead the design, development, and operational execution of advanced cyber incident response capabilities, ensuring mission resilience against sophisticated cyber threats including Advanced Persistent Threats (APTs). This position directly supports national security operations by shaping cybersecurity strategy, incident response architecture, and advanced threat detection capabilities. Responsibilities Lead and oversee cybersecurity incident response operations across C2ISR transport infrastructure. Direct the design and implementation of advanced incident response methodologies and threat detection strategies. Provide expert guidance on the full incident response lifecycle including detection, analysis, containment, eradication, recovery, and post-incident review. Support defense against Advanced Persistent Threats (APTs) and other sophisticated cyber threats. Develop and implement cyber defense strategies aligned with DoD cybersecurity requirements. Provide technical leadership and oversight to incident response teams and cyber analysts. Engage with senior leadership and mission stakeholders to guide cybersecurity strategy and resource allocation. Ensure cybersecurity operations remain compliant with DoD RMF and applicable security frameworks.

Requirements:

Required Qualifications Active TS/SCI clearance Experience supporting DoD cybersecurity or National Security Systems Advanced knowledge of: Cyber incident response Threat intelligence and threat hunting Digital forensics Security monitoring and analysis Experience with SIEM, EDR, IDS/IPS, and vulnerability management tools Technologies & Tools Experience with one or more of the following: SIEM & Security Monitoring Splunk Microsoft Sentinel Endpoint & Network Security Microsoft Defender for Endpoint Trellix SentinelOne Snort, Suricata, Zeek Threat Intelligence & Vulnerability Tools MISP ThreatConnect Nessus Qualys OpenVAS Incident Management & Automation ServiceNow Jira Service Desk SOAR platforms (Cortex XSOAR, Splunk Phantom) Certifications Candidates must meet DoD 8140 requirements and obtain a DoD-approved IA baseline certification for

ADP-III / IT-III

within six months of assignment .