Incident Responder

cFocus Software Incorporated, Washington, DC
2d · Hybrid

About The Position

cFocus Software seeks an Incident Responder to support the Administrative Office of the United States Courts (AOUSC) in Washington, DC. This position requires four days a week onsite at the Thurgood Marshall Building and one day remote, with hours of 8:00am to 4:30pm.

Position Overview

The Incident Responder supports the Administrative Office of the U.S. Courts (AOUSC) by delivering advanced cybersecurity incident response and threat hunting services across both cloud and on-premises environments. This role focuses on identifying, analyzing, and mitigating sophisticated cyber threats while strengthening detection capabilities and improving overall security posture.

Requirements

  • Minimum of 5 years of experience in incident response across cloud and non-cloud environments, including Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
  • Minimum of 5 years of experience using Splunk Enterprise Security for incident response
  • Minimum of 5 years of experience collecting and analyzing data using EDR tools (CrowdStrike, Qualys) and custom scripts built on host telemetry sources (e.g., Sysmon, Auditd)
  • Experience with the following tools and technologies: Microsoft Sentinel (threat hunting in Azure), Tenable Nessus and SYN/ACK (vulnerability management), NetScout (network traffic analysis), SPUR.us (IP address enrichment), and Mandiant threat intelligence feeds
  • Splunk Core Power User certification (required)
  • Must possess one of the following certifications: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring (GMON), or GIAC Defending Advanced Threats (GDAT)
  • Ability to obtain a Low Risk Public Trust Suitability Determination

Responsibilities

  • Provide incident response support for declared security incidents and proactively hunt for threats not detected through automated systems
  • Conduct counterintelligence activities, develop Threat Actor (TA) dossiers, and identify adversary tactics, techniques, and procedures (TTPs)
  • Analyze SIEM alerts and security events to determine risk, impact, and appropriate response actions
  • Collect and analyze forensic data from compromised systems using EDR tools and custom scripts
  • Track and document incidents from initial detection through final resolution
  • Respond to government technical requests via ITSM platforms (e.g., HEAT, ServiceNow)
  • Perform malware triage and root cause analysis
  • Review open-source intelligence for emerging threats and adversary activity
  • Collaborate with court IT personnel to troubleshoot and resolve endpoint detection issues
  • Participate in after-action reviews and provide recommendations for improving security posture
  • Attend Agile Scrum standups and report on assigned Jira tasks
  • Review SOC incident reports and recommend enhancements, escalations, or re-evaluations


What This Job Offers

Job Type: Full-time
Career Level: Mid Level
Education Level: No Education Listed
Number of Employees: 1-10 employees

© 2024 Teal Labs, Inc