Cybersecurity Incident Response Lead jobs in United States

Cherokee Federal · 17 hours ago

Cybersecurity Incident Response Lead

Cherokee Federal is a trusted partner for federal clients, focused on solving complex challenges. They are seeking a Cybersecurity Incident Response Lead to manage incident response operations, mentor analysts, and ensure compliance with regulatory requirements while protecting mission-critical environments.

Government, Non Profit, Professional Services, Public Relations
No H1B, U.S. Citizen Only

Responsibilities

Lead end-to-end incident response operations, ensuring rapid triage, containment, remediation, and recovery
Direct and mentor IR analysts; manage on-call rotations and surge response support
Develop, maintain, and standardize IR playbooks, procedures, and escalation workflows
Coordinate cross-functional incident bridges; provide timely executive and customer briefings, including daily IR status updates
Oversee digital forensics and evidence handling, ensuring chain of custody and investigative integrity
Drive proactive threat hunting aligned to current threat actor TTPs and integrate intelligence into detections and response plans
Partner with SOC leadership on detection engineering, alert tuning, and use-case development
Participate actively in meetings, review agendas, and coordinate with contractors and staff to ensure cooperation and task implementation; review and validate security artifacts to ensure that they are sufficient in preparing the customer to address known security operations and security engineering requirements
Provide daily incident response briefing to the customer
Support the security review of IT systems and architecture as well as cybersecurity policy development on IT service use, access, refresh, configuration control, etc.
Conduct post-incident reviews documenting root cause, impact, corrective actions, and preventive controls
Track and report IR metrics (e.g., MTTD, MTTR, containment time, recurrence)
Ensure compliance with regulatory and contractual requirements (FISMA, FedRAMP, DFARS/CMMC, as applicable)
Coordinate third-party engagements (forensics, breach counsel, PR) when needed
Lead tabletop exercises, readiness drills, phishing simulations, and after-action reporting
Conduct phishing exercises: plan them using relevant, real-world examples (e.g., HR updates, IT alerts, new vendor invoices); execute and monitor; track and analyze; and conduct after-action reports
Support security architecture reviews, cybersecurity policy development, and system risk assessments
Guide selection and optimization of IR technologies, including EDR/XDR, SIEM/SOAR, NDR, threat intelligence, and forensics tools
Perform other job-related duties as assigned

Qualifications

Incident Response, Digital Forensics, Threat Hunting, EDR/XDR, Crisis Communication, Cybersecurity Certifications, Regulated Environments, Automation, Scripting, MITRE ATT&CK, NIST 800-61, CISA Guidance

Required

Active Public Trust clearance
U.S. citizenship or legal permanent residency
7+ years of cybersecurity experience, including 4+ years in incident response or SOC leadership
Proven leadership of complex incidents (ransomware, BEC, data exfiltration, insider threats, supply chain compromise)
Strong knowledge of IR frameworks, digital forensics, malware analysis fundamentals, and MITRE ATT&CK
Hands-on experience with EDR/XDR, SIEM/SOAR, and forensic tools
Excellent crisis communication and executive briefing skills
Experience operating in regulated environments and handling sensitive data
Must pass pre-employment qualifications of Cherokee Federal

Preferred

Certifications such as GCIH, GCIA, GCFA, GNFA, GDAT, CISSP, CCSP, or CEH
Experience in federal, defense, critical infrastructure, or healthcare environments
Familiarity with NIST 800-61, NIST CSF, and CISA guidance
Experience with automation and scripting (Python, PowerShell), threat hunting, or detection engineering

Benefits

Medical
Dental
Vision
401K

Company

Cherokee Federal

Cherokee Federal, a division of Cherokee Nation Businesses, is a trusted team of government contracting professionals who can rapidly build innovative solutions.

Funding

Current Stage
Late Stage

Leadership Team

Clint Bickett, Chief Operating Officer
Charity Mackenzie, Executive Staff Coordinator to VP of HR and CIO
Company data provided by crunchbase