Cybersecurity Intrusion Handler – 2nd Shift #3386


  • US-DC-Washington
  • Information Technology

Company Overview

GovCIO is a team of transformers—people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering technology-related innovation to governmental operations that improves the citizen experience every day.

But we can’t do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We’re changing the face of I.T. – from our diverse staff to the end-products we develop. And we’re excited to expand our team. Are you ready to be a transformer? 

GovCIO is seeking an inquisitive, problem-solving Cyber Security Incident Handler with 3 years of junior-level (Tier I) security operations center (SOC) experience to support a federal agency enterprise SOC. The Cyber Security Incident Handler will support our customer's POCs with response and notification through the detection, response, mitigation, and reporting of cyber threats affecting everything on the client's networks. This position is slotted for 2nd shift work of 4:00 pm to 12:30 am Monday to Friday within the 24×7 SOC. The location is the Washington DC Metro area. These are straight shift hours Monday to Friday, with one on-call rotation for the SOC or weekend rotation monthly.

Key Responsibilities

  • Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails from the client and customer POCs.
  • Provide support in the detection, response, mitigation, and reporting of cyber threats affecting internal and external clients' networks.
  • Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in the cyber security operations center.
  • Develop documentation, reports, and briefs, and review SOPs with the customer to give an accurate depiction of the current threat landscape and associated risk affecting the clients' networks.
  • Provide analysis of correlated information sources to the client when notified by the Cyber SOC Team Lead or the Government Watch Officer.
  • Act as a Subject Matter Expert in investigations of potential incidents at the SOC Tier 1 level.
  • Analyze and report cyber threats, and assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
  • Work with SOC federal staff, the Shift Lead, and the Senior Analyst to analyze, triage, contain, and remediate security incidents.
  • Follow the Federal IRP, SOC SOPs, and other prudent documentation procedures to work effectively while keeping an eye toward process improvement and effectiveness.
  • Knowledgeable on multiple technology and system types.
  • Able to articulate the incident response lifecycle.
  • Manages and responds to computer security incidents that involve enterprise systems and data, including personally identifiable information (PII) breaches.
  • Proficient in using Splunk and ticketing systems to track reported incidents.
  • Helps improve the overall security posture by independently verifying the security of enterprise systems and ensuring the timely dissemination of security information to the appropriate contractor and federal stakeholders.
  • Understanding of various security analysis sources, such as firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs, to investigate events and incidents for anomalous activity and produce reports of findings.
Required Qualifications
  • Bachelor's with 5 – 8 years (or commensurate experience)
  • 3+ years security operations center (SOC) experience
  • Specialized skill areas such as:
      ◦ Digital Forensics
      ◦ Automation/Scripting
      ◦ SIEM Exposure
      ◦ Incident response triage
      ◦ Threat hunting
      ◦ Threat Intelligence
      ◦ Security Annotation
      ◦ Security Artifact Gathering


Additional Requirements

  • Must be able to obtain and maintain a public trust.
  • Must be a US Citizen.
  • Work location is Washington, DC, but remote during COVID.
  • Candidate must have one or more of the following required certifications: Security Plus, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals.
  • Travel: None (only to the duty station once approved to return to the building).

2nd shift work of 4:00 pm to 12:30 am Monday to Friday within the 24×7 SOC


Desired Qualifications

  • Experience with multiple attack types and attack vectors.
  • Experience with a range of security technologies that produce logging data, including wide area network, host, and network IPS/IDS/HIPS traffic event review, server web log analysis, and raw data logs, and the ability to communicate clearly both orally and in writing.
  • 2+ years of experience using the Splunk SIEM: writing Splunk Search Processing Language (SPL), creating and running queries, and performing analytic examination of logs and console events, as well as creating advanced query methods in Splunk or advanced grep skills, firewall ACL review, examining Snort-based IDS events, PCAPs, and web server log review.
  • Experience tracking incidents against a framework such as MITRE ATT&CK or the Cyber Kill Chain methodology.
  • Forensic investigation of emails for phishing campaigns and spam, and malware analysis experience/exposure.
  • Experience with multiple vendor technologies, such as Azure Sentinel, Microsoft 365 Security Center, the FireEye (Trellix) suite of products, DomainTools, major-vendor Firewall/IPS products, and OSINT tools.
  • Experience using helpdesk ticket capturing tools such as HEAT and ServiceNow.
  • Ability to perform introspection of incidents for after-action reports to both technical and non-technical staff.
  • Up-to-date understanding of threat vectors and attacker methodology, and how they tie into the Cyber Kill Chain or ATT&CK framework.


COVID Policy: New employees will be required to adhere to the Company’s and its clients’ COVID-19 safety procedures. In the event that the COVID-19 vaccination mandate for Federal Contractors is enforced, you must become fully vaccinated or request and be approved for an exemption. Employees working onsite at a client location must comply with our client’s COVID-19 requirements.

GovCIO is a team of professionals who want to make a difference. And that can only happen with a diverse, happy, and cared-for team. So, we prioritize your well-being, equity for all and look for ways to make work a better place for each of us every day.

We are an Equal Opportunity Employer. All qualified applicants receive consideration for employment without regard to race, ethnicity, religious affiliation, gender, gender identity or expression, sexual orientation, national origin, or disability status. EOE AA M/F/Vet/Disabled
