Senior Incident Handling Analyst Lead

Clearance Level: Top Secret/SCI
Category: Cyber Security
Location: Alexandria, Virginia

REQ#: RQ48358

Travel Required: Less than 10%

Today’s Cyber targets never stop moving – that’s why we never stand still. From protecting our nation’s critical infrastructure to securing the tactical edge, cybersecurity is embedded in everything we do. Amongst our numerous cyber programs, our JSP DCO program is at the forefront of GDIT’s cyber capabilities protecting one of our nation’s most important networks. JSP is undergoing a transformation as they transition to forward leaning areas of cybersecurity. Be part of that transformation and join our mission!

The Joint Service Provider (JSP) Defense Cyber Operations Internal Defense Measures (DCO IDM) program is searching for a Senior Incident Handling Analyst Lead to work at the Mark Center in Alexandria, VA.


(1) This is a full-time, onsite position. Due to the type of access this role entails, telecommuting is not allowed.

(2) This is a Key Position and requires on-call/recall support.

This Senior Incident Handler will demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in a large organization. In addition, they will contribute to a team of Cybersecurity professionals working with a variety of security hardware and software. Incident Handlers will assist in writing reports, briefing event details to Senior Leadership, and coordinating remediation within large/complex networks.

The Incident Handling Branch provides incident analysis, forensics, reverse engineering, and fusion reporting to give JSP leadership, customers, and appropriate agencies situational awareness of current and emerging threats, as well as indications and warnings (I&W). The Incident Handling Branch response services include reporting, analyzing, coordinating, and responding to any event or computer security incident. Incident Response includes the coordinated development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or Counter Intelligence (CI) or Law Enforcement (LE) investigations.

The work location is at the Pentagon and surrounding facilities and is in support of Pentagon networks.

As a Senior Incident Handler you will:

  • Respond to threats of varying sophistication targeting Pentagon Networks and resources
  • Perform Digital Forensics & Incident Response (DFIR) investigations using commercial, open source, and custom tools
  • Perform Netflow and PCAP analysis of network traffic
  • Report & present on threats targeting Pentagon networks
  • Validate findings from third party assessments of Pentagon Networks
  • Assist with evaluating existing defensive capabilities and recommend adjustments and improvements
  • Provide feedback and expert opinion on new and existing toolsets (EDR, etc.)
  • Interact with other SOC/CSSP/Intelligence organizations in the community through regular meetups

REQUIRED Qualifications:

  • Active TS/SCI clearance (DIA Adjudicated or capable of reciprocal acceptance by DIA)
  • DoD 8570 IAT Level II certification
  • DoD 8570 CND Analyst baseline certification
  • Bachelor of Science in Computer Science or Information Systems (6+ years of experience in Incident Response in lieu of a degree)
  • 10 or more years of CND Incident Response experience, with at least 5 years of experience in DoD or IC
  • Demonstrate experience with CJCSM 6510.01B
  • Demonstrate expert-level knowledge of network traffic and communications, including known ports and services
  • Demonstrate a strong knowledge of the Windows operating system, knowledge of various Linux distributions and the Unix framework
  • Demonstrate knowledge of the following security related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise level appliances
  • Demonstrate a deep understanding of various open source and commercial analysis tools used for incident analysis, both network and host based
  • Demonstrate expert-level knowledge and supervision of employees of various labor categories and skills in efforts similar in size and scope to this acquisition
  • Demonstrate experience in a DoD or IC IT environment
  • Demonstrate understanding of DoD accreditation policies, processes, and practices
  • Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition
  • Demonstrate experience in a forensic laboratory environment
  • Demonstrate experience in an IT development environment
  • Willing to provide on-call/recall support, as needed


We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.