SME Incident Response Analyst

Leidos•Alexandria, VA

About The Position

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced SME Incident Response Analyst to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement—helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success. This position offers the opportunity to work on a high-visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Requirements

Bachelor’s degree or higher from an accredited college or university OR offerings listed in DoD 8140 Training Repository OR CASP+ or CCNP Security or CCSP.
Minimum of 5 years of experience in cybersecurity incident response.
Experience with designing and implementing incident response processes and procedures.
Strong understanding of cybersecurity principles and practices.
Experience with categorizing and prioritizing cybersecurity incidents.
Ability to investigate, diagnose, and resolve high-complexity system issues.
Experience coordinating with external organizations during incident response.
Strong analytical and problem-solving skills.
Excellent communication and collaboration skills.
Top Secret clearance required.

Nice To Haves

TS/SCI clearance.
Advanced certifications such as CISSP, CISM, or CEH.
Experience with DoD cybersecurity incident response operations.
Familiarity with System or similar platforms.
Experience with continuous process improvement methodologies.
Knowledge of Government specified guidance for cybersecurity incidents.
Experience with cloud-based data, analytics, and AI capabilities.
Strong understanding of open standards systems and their benefits.

Responsibilities

Design, implement, and operate Cybersecurity Incident and Spillage processes and procedures.
Prepare, maintain, and execute a Cybersecurity Incident and Spillage response approach.
Incorporate the response approach as part of the Incident Response Plan (IRP).
Establish and operate the System Cybersecurity Incident and Spillage response process.
Identify, track, and report all System cybersecurity incident and spillage incidents.
Categorize and prioritize all System cybersecurity incident and spillage incidents in accordance with Government specified guidance.
Investigate and diagnose cybersecurity incident and spillage incidents.
Coordinate with all affected external organizations during incident response.
Resolve, recover, and close cybersecurity incident and spillage incidents.
Monitor and evaluate cybersecurity incident and spillage incident response operations.
Implement continuous process improvement for incident response operations.
Collaborate with development teams and platform providers to eliminate defects and deploy enhancements.
Test and validate remediation steps to ensure long-term platform stability.
Serve as a subject matter expert during complex incidents, guiding root-cause analysis.
Drive continuous improvement across the platform.