Incident Response Analyst

Incident Response Analyst - Eligibility for TS/SCI Clearance Location: Arlington, VA About the Opportunity A leading provider of advanced cybersecurity research, software solutions, and engineering services is seeking an experienced Incident Response Analyst. This role supports high-impact cybersecurity operations across critical infrastructure environments, combining incident response, threat hunting, and technical analysis. Role Overview The Incident Response Analyst will support cybersecurity incidents within ICS, OT, and IT environments, working with a multidisciplinary team to protect critical infrastructure sectors such as water, power, and transportation. This role requires strong technical acumen, exceptional analytical skills, and the ability to operate in sensitive and mission-driven environments. Key Responsibilities Respond to cybersecurity incidents affecting ICS/OT/IT environments and provide recommendations to prevent recurrence Apply traditional and advanced incident response tradecraft to critical infrastructure networks Conduct in-depth technical operations and forensic analysis Contribute sector expertise across utilities and transportation environments Collaborate in a team setting to support mission requirements for incident response and threat hunting Maintain accurate documentation of all findings and actions Prepare and present incident reports for management and stakeholders Stay current with cybersecurity trends, threat activity, and evolving tools Required Qualifications Bachelor’s degree with 8+ years of related experience, Master’s with 6+ years, or PhD with 3+ years; OR 12 years of technical experience in lieu of a degree 1–2 years of Threat Hunting or DFIR experience supporting Critical Infrastructure (CI) or Industrial Control Systems (ICS) Scripting experience in Python, Bash, PowerShell, and/or JavaScript Experience analyzing malicious applications across Linux, macOS, Windows, iOS, Android, and IoT devices Experience conducting security site assessments and scoping activities Hands-on experience with tools such as Ida-Pro, Ollydbg, X64dbg, Scylla, Objdump, Readelf, Ghidra, Process Explorer, CFF Explorer, Wireshark, Fiddler, Regshot, Process Monitor, and Process Hacker Familiarity with open source and commercial tools for event analysis and security operations Experience using SIEM platforms for pattern identification, anomaly detection, and trend analysis Experience analyzing industrial control system protocols (e.g., ModBus, ENIP/CIP, BACnet, DNP3) Ability to obtain and maintain a DHS background investigation (EOD)