Job Description
We are seeking a highly motivated and experienced Incident Response Lead to serve as the NGDC SOC’s technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. You will direct responders, coordinate with enterprise stakeholders, and drive rapid containment and eradication of threats targeting the NGDC and FTII platforms. This role is ideal for a seasoned IR professional with strong investigative leadership, decisive problem-solving under pressure, and a passion for elevating SOC maturity.
• Direct and execute the full incident response lifecycle — detect, analyze, contain, eradicate, recover, and post-incident improvement
• Act as lead investigator for high-severity incidents, driving scoping, timelines, and decision logs
• Maintain situational awareness and provide clear, timely updates to SOC leadership, Cyber Engineering, ISSO, and FSA stakeholders
• Lead technical coordination with Cloud, Network, Identity, and System Administration teams during active response
• Serve as escalation decision authority for containment actions and service disruption trade-offs
Technical Investigation & Forensics
• Lead host/network/cloud DFIR investigations; guide analysts in EDR, SIEM, and NDR tool usage
• Validate and evaluate IOCs/IOAs, malware, credential abuse, lateral movement, and persistence mechanisms
• Ensure evidence integrity and documentation meets audit and legal standards
Preparedness & Program Maturity
• Maintain and continuously enhance IR playbooks, runbooks, and operational workflows
• Lead incident readiness activities (tabletops, purple team exercises, threat hunt planning)
• Translate lessons learned into proactive detection content and security control improvements
• Mentor and technically develop SOC Analysts and supporting engineering roles
Collaboration & Cross-Functional Coordination
• Partner with FSA SOC, EDSOC, CISA, and third-party responders when required
• Coordinate communications with Legal, ISSOs, Public Affairs, and leadership during incidents
• Represent NGDC SOC in briefings with senior government leadership (CISA HVA, DoED, FSA)
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• 10-12 years of hands-on cybersecurity experience within a SOC, including 6+ years in incident response or DFIR roles
• Demonstrated ability to lead major incidents affecting cloud infrastructure (AWS)
• Strong command of:
o Digital forensics methodologies (host, network, and cloud)
o Log and SIEM analysis (e.g., Splunk)
o EDR platforms (e.g., Trellix)
o Network analytics and packet capture fundamentals
• Deep familiarity with MITRE ATT&CK, NIST SP 800-61, and cyber kill chain frameworks
• Excellent communication and situational leadership skills — able to brief executives under pressure
• Must obtain Public Trust 6C.
Nice to Have Skills & Experience
Desired Qualifications
• Relevant certifications, such as:
o GCIA, GCFA, GCFE, GNFA, GCIH, GDAT
o Other vendors' cybersecurity IR or forensic-focused certifications
• Experience mentoring responders and maturing SOC/IR capabilities
• Experience with MITRE ATT&CK, Threat Intelligence, Threat Hunting, Enterprise Logging, Cloud IR
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.