Cyber Defense Cloud Incident Responder
Summary

Location

Maryland

Salary

$87k - $145k

Type

full-time

About this role

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™

ASRC Federal is seeking a Cyber Defense Incident Responder with cloud experience to support a mission-critical DCSA cybersecurity program. This role is responsible for detecting, analyzing, and responding to security incidents affecting cloud-hosted and hybrid environments supporting national security systems.

Remote flexibility available! Telework offered with a requirement to be onsite up to one (1) day a week at Hanover, MD.

Position Description:

As the Cyber Defense Cloud Incident Responder, your primary duty is to safeguard our national security systems by monitoring AWS, Azure, and Google Cloud environments for malicious activity using advanced SIEM and SOAR platforms. You will lead the entire incident response lifecycle—from detection and containment to eradication and recovery—performing root cause analysis and coordinating with the SOC, engineering, and government stakeholders. A key part of your role involves leveraging threat intelligence to identify emerging cloud-based threats, mapping adversary tactics to the MITRE ATT&CK framework, and recommending defensive improvements. Additionally, you will be responsible for identifying cloud misconfigurations, supporting vulnerability remediation, and ensuring all activities align with critical compliance standards like NIST 800-53 and RMF through diligent documentation and audit support.

Minimum Requirements: 

  • Two (2) to Four (4) years’ hands-on cybersecurity experience in one or more of the following: 
    • Incident Response or Threat Hunting within a mid-to-large enterprise 
    • SOC operations supporting cloud or hybrid environments 
    • Enterprise vulnerability management or endpoint/cloud security operations 
  • Active Top Secret (TS) Clearance REQUIRED, eligible to be upgraded to TS/SCI
  • DoD 8570 Information Assurance (IA) Program / DoD 8140 Cyber Workforce Qualification Program (CWQP): Must meet DoD 8570.01-M / IAT Level II or IAM Level II requirements at a minimum. At least one active qualifying certification required, including but not limited to: 
    • CompTIA Security+ CE, CompTIA CySA+, CompTIA SecX CE, SSCP, GCIH, GCED, GCIA, GSEC, CEH, Pentest+, Cloud+, GICSP, CISSP (or Associate)
  • Bachelor’s degree in Cybersecurity and/or Information Systems Management, or equivalent combination of education, experience and military service

 

Key Responsibilities: 

  • Cloud Security Operations & Monitoring
    • Monitor AWS, Azure, and/or Google Cloud environments for malicious or anomalous activity using SIEM, SOAR, and cloud-native security tooling.
    • Analyze logs, telemetry, alerts, and cloud audit data to identify indicators of compromise (IOCs) and attack patterns.
    • Tune detection logic and alerting to reduce false positives and improve response fidelity.
  • Incident Response
    • Lead and support incident response activities across the full lifecycle: identification, containment, eradication, recovery, and lessons learned.
    • Perform root cause analysis and impact assessments for cloud-related security incidents.
    • Coordinate response actions with SOC analysts, engineering teams, system owners, and government stakeholders.
    • Document incidents, response actions, and remediation recommendations in accordance with government reporting requirements.
  • Threat Intelligence & Analysis
    • Leverage threat intelligence sources to identify emerging threats targeting cloud platforms and federal environments.
    • Map adversary activity to MITRE ATT&CK and cloud-specific threat models.
    • Recommend defensive improvements based on observed tactics, techniques, and procedures (TTPs).
  • Vulnerability & Risk Management
    • Identify cloud misconfigurations, exposed services, and security gaps.
    • Support vulnerability assessments and remediation prioritization for cloud-hosted systems.
    • Advise on security controls aligned to NIST and DoD requirements.
  • Compliance & Audit Support
    • Support compliance activities aligned to NIST 800-53, RMF, and DoD cybersecurity requirements.
    • Assist with security documentation, evidence collection, and audit response.
    • Validate cloud security configurations against established baselines and policies.

 

Required Technical Skills: 

  • Cloud Platform experience: Practical experience securing AWS, Azure, and/or Google Cloud environments 
  • Security Tooling: Experience with SIEM/SOAR platforms such as Splunk, Elastic, Swimlane, or equivalent 
  • Incident Response: Proven experience executing IR playbooks and responding to real-world security incidents 
  • Networking & Systems: Strong understanding of TCP/IP, DNS, authentication mechanisms, operating systems, log analysis, and cloud architecture 
  • Frameworks & Standards: Familiarity with NIST Cybersecurity Framework, NIST 800-53, and RMF concepts 
  • Analysis & Reporting: Ability to clearly document findings, response actions, and technical recommendations 

Desired (Nice-to-Have) Qualifications: 

  • Experience supporting classified or DoD environments 
  • Familiarity with cloud-native security services (e.g., AWS GuardDuty, AWS Security Hub, Defender for Cloud, Security Command Center)
  • Experience with automation, scripting, or SOAR workflows 
  • Exposure to threat hunting or advanced adversary analysis 

 

Work Environment and Physical Demands: 

  • This is primarily a Telework position with a requirement to be onsite up to one (1) day a week. Full-time onsite presence at Fort Meade may be required in the future at the government’s discretion.
  • If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection
  • Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form

 

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefit packages. This position is offering a pay range of $87,683.00 - $145,000.00 depending on experience, seniority, geographic locations, and factors permitted by law. Benefits offered may include health care, dental, vision, life insurance; 401k; education assistance; paid time off including Paid Time Off, holidays and any other paid leave required by law.

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.


EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

Other facts

Tech stack
Cloud Security Operations, Incident Response, Threat Intelligence, Vulnerability Management, Risk Management, NIST Compliance, SIEM, SOAR, AWS, Azure, Google Cloud, Log Analysis, TCP/IP, Networking, Documentation, Root Cause Analysis

About ASRC Federal

Data Networks Corporation (DNC) is a subsidiary of ASRC Federal. For more information, please view ASRC Federal’s LinkedIn profile or visit www.asrcfederal.com.

Team size: 201-500 employees
Industry: Information Technology & Services
Founding Year: 1984

What you'll do

  • The Cyber Defense Cloud Incident Responder is responsible for monitoring cloud environments for malicious activity and leading the incident response lifecycle. This includes coordinating with various teams and ensuring compliance with cybersecurity standards.

Frequently Asked Questions

What does ASRC Federal pay for a Cyber Defense Cloud Incident Responder?

ASRC Federal offers a competitive compensation package for the Cyber Defense Cloud Incident Responder role. The salary range is USD 88k - 145k per year. Apply through Clera to learn more about the full compensation details.

What does a Cyber Defense Cloud Incident Responder do at ASRC Federal?

As a Cyber Defense Cloud Incident Responder at ASRC Federal, you will be responsible for monitoring cloud environments for malicious activity and leading the incident response lifecycle. This includes coordinating with various teams and ensuring compliance with cybersecurity standards.

Why join ASRC Federal as a Cyber Defense Cloud Incident Responder?

ASRC Federal is a leading Information Technology & Services company. The Cyber Defense Cloud Incident Responder role offers competitive compensation.

Is the Cyber Defense Cloud Incident Responder position at ASRC Federal remote?

The Cyber Defense Cloud Incident Responder position at ASRC Federal is based in Maryland, United States. Contact the company through Clera for specific work arrangement details.

How do I apply for the Cyber Defense Cloud Incident Responder position at ASRC Federal?

You can apply for the Cyber Defense Cloud Incident Responder position at ASRC Federal directly through Clera. Click the "Apply Now" button above to start your application. Clera's AI-powered platform will help match your profile with this opportunity and guide you through the application process. You can also learn more about ASRC Federal on their website.