Incident Response Expert - IV -IRE04
Company: Solutions Technology / STI Health & Wellness
Location: State Farm
Posted on: April 5, 2026
Job Description:
About the Mission
STI provides critical, advanced technical support to the DHS Hunt and Incident Response Team (HIRT). We act as the front-line defense for Government agencies and critical infrastructure owners, executing rapid on/offsite incident response and proactive hunting to evict adversaries. We secure the nation's infrastructure using sophisticated host- and network-based analysis to identify compromises, characterize breach severity, and develop targeted mitigation plans.

Position Summary
As a Cyber Eviction Analyst (SME), you will serve as a technical expert on high-level incident response teams, tackling exceptionally complex cyber security challenges. You will apply in-depth knowledge of threat actor (TA) tools, techniques, and procedures (TTPs) to proactively hunt, contain, and eradicate malicious activity. This role requires an investigative mindset, significant autonomy in determining technical objectives, and the ability to turn complex forensic findings into actionable, high-impact intelligence for stakeholders.

Key Responsibilities
- Proactive Hunting & Response: Act as a Hunt/IR SME, conducting proactive threat hunting and rapid incident response to detect and evict adversaries from network environments.
- Technical Analysis: Analyze host- and network-based data, forensic artifacts, and malware to characterize breach severity and determine root causes.
- Evidence-Based Reporting: Distill complex analytical findings into executive summaries and detailed technical reports for high-level stakeholders.
- Containment & Eradication: Support internal stakeholders and customers on containment, mitigation, and eradication missions.
- Strategic Advising: Advise technical personnel on countermeasure implementation, security tool customization, and architecture enhancements.
- Knowledge Management: Document investigation findings in a standardized knowledgebase to improve branch processes and procedures.
- Technical Leadership: Guide the completion of complex hunt activities with only broad direction, exercising considerable latitude to determine technical approaches.

Required Qualifications
- Citizenship: U.S. Citizenship (Mandatory).
- Clearance: Active TS/SCI Clearance (Mandatory).
- Suitability: Ability to obtain DHS Suitability.
- Experience: 8 years of directly relevant experience in cyber incident response, threat hunting, or forensic analysis.
- Technical Skills: Strong understanding of network architecture, Windows/Linux operating systems, and adversarial TTPs (MITRE ATT&CK Framework).
- Communication: Exceptional written and oral communication skills for briefing both technical and executive audiences.
- Travel: Ability to travel domestically on short notice to support on-site incident response.

Desired Qualifications
- Relevant certifications: GCIH, GCIA, GNFA, or similar.
- Experience with forensic analysis tools (e.g., EnCase, FTK) and EDR platforms.
- Experience leading or mentoring technical teams during high-stakes incidents.

Additional Qualifications:
- Ability to think independently
- Demonstrates superior written and oral communication skills
- Must be able to work collaboratively across physical locations
- Skilled in identifying different classes of attacks and attack stages
- Understanding of system and application security threats and vulnerabilities
- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
- Proficiency with common operating systems (e.g., Linux/Unix, Windows)

Desired Skills:
- Experience leading and mentoring technical teams
- Knowledge of Computer Network Defense policies, procedures and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
- Network and System administration experience
- Strong understanding of adversarial tactics/techniques/procedures (TTPs)
- Experience with Identity and Access Management (IAM) tools
- Ability to review and analyze Enterprise Architecture (EA) from a security perspective
- Understanding of cyber defense-in-depth principles
- Hands-on skill in host/network intrusion detection
- Ability to perform event correlation
- Experience with malicious activity analysis
- Ability to collaborate with stakeholders at multiple levels within an organization

Required Education:
BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 10 years of technical experience in the area of expertise.

Desired Certifications:
- One or more DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst
- DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder
- DoD 8140.01 CEH, CSSP Analyst
- SANS GIAC GNFA preferred
- SANS GRID, GICSP, or GCIP a plus