Senior Incident Response Analyst
Arlington, VA
Full Time
Civilian
Experienced
Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!
TDI is seeking a Senior Incident Response Analyst to join our team in support of a mission-critical government program. As part of the Security Operations Center, you will help monitor, detect, investigate, and respond to cybersecurity threats affecting a large-scale enterprise environment while supporting coordinated incident response across multiple organizations.
This position is hybrid and requires regular commuting to the Arlington, VA area.
RESPONSIBILITIES:
- Lead and coordinate cyber incident response activities across the full Incident Response lifecycle, including investigation, containment, eradication, and recovery.
- Analyze security events, logs, network traffic, endpoint telemetry, and forensic artifacts to determine the scope, root cause, and impact of cyber incidents.
- Identify adversary tactics, techniques, and procedures (TTPs) and develop indicators of compromise (IOCs) to improve threat detection and response.
- Develop, maintain, and enhance Incident Response processes, playbooks, workflows, and standard operating procedures (SOPs).
- Configure, tune, and optimize security technologies, including SIEM, EDR, IDS/IPS, and related monitoring tools, to improve detection accuracy and reduce false positives.
- Create and maintain detection content, including correlation rules, use cases, signatures, alerts, and automation scripts to strengthen SOC monitoring capabilities.
- Document investigations, response activities, and findings within case management systems, producing clear incident reports and after-action documentation.
- Establish and track SOC performance metrics and key performance indicators (KPIs) to measure operational effectiveness and support continuous improvement.
REQUIREMENTS:
- Ability to obtain a Public Trust clearance and successfully complete the Entry on Duty (EOD) process.
- Candidates must hold at least one of the following certifications: a GIAC certification (GCIH, GCIA, GCFA, GCFE, GREM, or GPEN), CISSP, OSCP, OSCE, or OSWP.
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field and 12–15 years of relevant experience.
- Must have technical hands-on experience in the areas of incident detection and response, malware analysis, or computer forensics.
- Expertise with Windows and Linux operating systems, enterprise networking, common protocols, and security infrastructure (firewalls, proxies, VPNs, load balancers).
- Demonstrated experience investigating cyber incidents, performing root cause analysis, identifying attacker TTPs, and leveraging frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
- Proficiency in Python, PowerShell, Bash, or similar scripting languages to support security automation and incident response.
- Experience with federal government and/or federal law enforcement systems subject to FISMA.
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.