Threat Detection & Incident Response Specialist

We are seeking a highly skilled Threat Detection & Incident Response Specialist to support national-level security initiatives involving protected and classified IT environments. The role focuses on enhancing monitoring capabilities, improving incident handling processes, and supporting the development and evaluation of cross-domain solution (CDS) technologies. This position contributes to secure system development efforts by designing, implementing, assessing, and refining IT security monitoring (ITSM) practices across multiple prototype systems. Work assignments will vary by project and will be detailed through individual task authorizations. Responsibilities: Lead end-to-end incident detection, triage, containment, mitigation, and recovery for critical cybersecurity events. Perform advanced threat, vulnerability, and incident analysis across complex, multi-layered systems. Serve as the primary escalation point for high-priority or complex incidents, ensuring timely and effective resolution. Collaborate with security operations, network engineering, IT teams, and external partners to coordinate incident response. Qualifications: An active Secret or Top Secret Clearance Degree in computer engineering, software engineering, computer science, mathematics, or related field. Minimum 5 years of Incident Management experience within the last 7 years. At least 5 years of experience monitoring or supporting environments of 200 users with technologies such as: ArcSight, Elastic Stack, Gigamon Gigavue, Graylog, Netscout nGenius Debian/Ubuntu, Red Hat/CentOS/Rocky/Alma/Oracle Linux Snort, Suricata, Zeek, Splunk Minimum 2 years within the last 5 years monitoring Linux systems. Nice-to-haves: 2 years (up to 5 recognized) providing network monitoring for classified systems. 2 years working in operational, monitoring, or engineering teams, with details on environment, team size, and role. Completion of network security monitoring courses/certifications (e.g., GIAC, Elastic, Splunk, Red Hat, Cisco, CompTIA, EC-Council). Experience applying recognized reference architectures such as NIST SP 800-53, ITSG-33, NSA CSFC, NCDSMO CDS . 2 years monitoring Linux systems with defined distributions and system components. 2 years developing detection signatures using ArcSight, Elastic Stack, Graylog, NetFlow, Snort, Splunk, Suricata, or Zeek. 1 year monitoring data diodes and CDS Guards in production environments.