Company hidden
Posted 2 days ago

Incident Responder (Cybersecurity)

Work format: hybrid
Employment type: full-time
Level: senior
English: B2
Country: US
Vacancy from the Hirify.Global list of international tech companies

Job description

TL;DR

Incident Responder (Cybersecurity): Delivering advanced incident response and threat hunting services for the Administrative Office of the U.S. Courts, with an emphasis on securing both cloud and on-premises environments. The role focuses on identifying sophisticated cyber threats, conducting forensic analysis with EDR tools, and strengthening overall detection capabilities.

Location: Hybrid (Washington, DC) — 4 days onsite at the Thurgood Marshall Building required

Company

hirify.global provides specialized cybersecurity and IT support services to government agencies, including the U.S. Courts.

What you will do

  • Provide incident response support and proactively hunt for threats across cloud and on-premises environments.
  • Analyze SIEM alerts, security events, and forensic data to determine risk and impact.
  • Conduct counterintelligence activities and develop Threat Actor (TA) dossiers and TTP profiles.
  • Perform malware triage and root cause analysis, and implement WAF rules.
  • Collaborate with IT personnel to troubleshoot endpoint detection issues and produce comprehensive incident reports.
  • Maintain Standard Operating Procedures (SOPs) and security playbooks within an Agile framework.

Requirements

  • Must be able to obtain a Low Risk Public Trust suitability determination.
  • Minimum 5 years of experience in incident response across Azure, O365, Active Directory, and Zscaler environments.
  • Minimum 5 years of experience with Splunk Enterprise Security.
  • Minimum 5 years of experience with EDR tools (CrowdStrike, Qualys) and custom scripting.
  • Required certification: Splunk Core Certified Power User.
  • Required certification: one of GCIA, GCIH, GMON, or GDAT.

Nice to have

  • Experience with Microsoft Sentinel, Tenable Nessus, NetScout, SPUR.us, or Mandiant threat intelligence feeds.

Culture & Benefits

  • Collaborative, Agile-based cybersecurity operations environment.
  • Hybrid work schedule (80% onsite, 20% remote).
  • Opportunity to support critical national judicial infrastructure.
