Incident Response Analyst

Job Location: US-VA-Arlington
Job ID:
Clearance Level: Top Secret/SCI


Project Overview:
The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the Nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans. US-CERT strives to be a trusted global leader in cybersecurity—collaborative, agile, and responsive in a dynamic and complex environment.

US-CERT is the 24-hour operational arm of the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC). Through its 24x7 operations center, US-CERT accepts, triages, and collaboratively responds to incidents; provides technical assistance to information system operators; and disseminates timely notifications regarding current and potential security threats and vulnerabilities.


The Incident Response Analyst provides oversight of incident data flow and response, content, and remediation, and partners with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets.

  • Performs real-time proactive security monitoring and reporting on various security enforcement systems, such as SIEM, anti-virus, Internet content filtering/reporting, malcode prevention, firewalls, IDS and IPS, web security, anti-spam, etc. Serves as primary Incident Coordinator for all IT security events requiring focused response, containment, investigation, and remediation.
  • Works closely with network/incident analysts and IC analysts to monitor current attack and threat information and identify items relevant to the US-CERT mission space
  • Conducts analysis of indicators of compromise to identify attack vectors and patterns
  • Identifies adversary TTPs that define potential attacks
  • Differentiates between anomalous traffic patterns caused by misbehaving users and/or systems, and creates a timeline of intrusion activity
  • Maintains working knowledge of cyber and other security policies and capabilities to prevent, detect, monitor, and mitigate cyber-attacks


Required Education:

Bachelor's Degree in relevant field



Required Experience:

  • Network architectures, protocols, and standards (TCP/IP, IPSEC, ATM, SNMP)
  • Incident response lifecycle and methodologies
  • Anti-virus and signature development and deployment
  • Intrusion detection and prevention systems
  • Windows and/or Linux environments
  • FISMA Guidance and other cybersecurity frameworks


Required Clearance: 

Active TS/SCI clearance



Desired Qualifications:




About Aveshka:

Aveshka is a professional services firm focused on addressing our nation’s most complex threats and challenges. As a small business we’re committed to supporting our clients’ missions with services delivered by our diverse and experienced staff. With expertise in cybersecurity, emergency preparedness, and public health, our experience base spans federal, state, and local governments, as well as private sector entities.


Aveshka encourages collaborative communication and ongoing learning. Some of our benefits include:


  • Extensive training programs
  • Gym membership reimbursement
  • Education reimbursement
  • Technology benefits
  • Commuter benefits
  • Generous paid time off and much more!


Aveshka is an Equal Opportunity Employer (EOE)

