Cyber Analyst - Incident Response (Weekends 12 hour Shift coverage)
Job description
We are seeking a Cyber Analyst - Incident Response to support the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) in designing and enhancing an improved incident response system. The ideal candidate will have deep expertise in cybersecurity, threat intelligence, and incident response, with a proven ability to develop and document repeatable SOPs and working instructions. This role plays a critical part in enabling CISA's cybersecurity reporting and response initiatives, ensuring seamless coordination across the Integrated Operations Division (IOD), Regional Offices (RO), and the Cybersecurity Division (CSD).
Incident Analysis & Enrichment
· Analyze, enrich, and triage cybersecurity incident reports to add contextual detail.
· Identify and assess changing patterns, trends, technologies, Tactics, Techniques, and Procedures (TTPs).
· Correlate reported incidents to known threat campaigns, adversary groups, and vulnerabilities (e.g., zero-day exploits).
Operational & Strategic Support
· Assist in cyber analysis operations, ensuring adherence to CISA's standard operating procedures, quality control standards, and best practices.
· Support federal employees in analyzing operational environments, identifying new threat activities, and providing key recommendations to IOD leadership and the larger CISA analytic community.
· Collaborate with IOD, RO, and CSD teams (e.g., Threat Hunting, Vulnerability Management, Joint Cyber Defense Collaborative Sub-Divisions) to ensure cohesive incident response and situational awareness.
Process & SOP Development
· Develop and maintain comprehensive Standard Operating Procedures (SOPs) and Working Instructions (WIs) for incident handling and cybersecurity reporting.
· Establish repeatable and effective processes for rapid threat identification, classification, and escalation.
· Conduct regular reviews and audits of existing SOPs and WIs to ensure alignment with evolving threats and organizational priorities.
Threat Intelligence Integration
· Integrate diverse threat intelligence sources (open-source, commercial, and classified) to enrich incident reports and vulnerability assessments.
· Leverage frameworks like MITRE ATT&CK and the NIST Cybersecurity Framework (CSF) to map threat behaviors and strengthen detection and response capabilities.
· Provide operationally relevant analysis of CIRCIA reporting for alignment to CISA priorities.
Communication & Coordination
· Prepare and deliver briefings, reports, and presentations to senior leadership and stakeholders on emerging threats, significant incidents, and recommended mitigation strategies.
· Foster a collaborative environment by sharing relevant threat intelligence and best practices across organizational lines.
· Support outreach efforts to federal, state, local, and private-sector partners to enhance overall cybersecurity posture.
Requirements
· 5+ years of hands-on cybersecurity experience focused on threat analysis, threat intelligence, incident detection, and incident response.
· Demonstrated success in investigating complex cybersecurity incidents and designing solutions for large-scale environments.
Certifications (at least one):
· Certified Ethical Hacker (CEH)
· Certified Threat Intelligence Analyst (CTIA)
· CompTIA Security+
· GIAC Cyber Threat Intelligence (GCTI) or equivalent
Security Clearance: DoD Top Secret Clearance (or higher)
· U.S. Citizenship required.
Preferred Qualifications
Education:
· Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field.
Frameworks & Standards:
· Familiarity with MITRE ATT&CK, NIST CSF, and NIST 800-61 (Computer Security Incident Handling Guide).
Technical Skills & Tools:
· Experience with security orchestration, automation, and response (SOAR) platforms.
· Proficiency in network traffic analysis tools (e.g., Wireshark, Zeek) and digital forensics solutions (e.g., EnCase, FTK).
· Familiarity with ServiceNow and similar platform-as-a-service tools used for incident tracking and management.
Benefits & conditions
Tuition reimbursement, Health insurance, 401(k) matching, Paid time off, Vision insurance, Dental insurance
Part-time
12 hour shift, Weekends as needed
· 401(k) with matching
· Dental insurance
· Health insurance
· Vision insurance
· Paid time off
· Tuition reimbursement
Schedule: 24 hours per weekend. Core hours (Sat-Sun, 6 am - 6 pm or 6 pm - 6 am ET)
Work Arrangement: 24 hours on-site at Arlington and Washington, DC locations.
Why Join Us?
· Impactful Mission: Contribute to the security and resilience of the nation's critical infrastructure and key resources by innovating incident response capabilities for DHS CISA.
· Professional Growth: Leverage your expertise in a dynamic environment that values continuous learning, leadership, and initiative.
· Cutting-Edge Environment: Collaborate with experts in cybersecurity, threat intelligence, and national security to shape the future of cyber defense.
If you are passionate about national cybersecurity, excel in threat analysis, and have a desire to shape and improve incident response systems at the federal level, we invite you to apply. Join us and help protect critical infrastructure and citizens by driving cyber resilience at the highest levels.
Pay: $70.00 per hour