Tier 2 Cyber Incident Response Team (CIRT) Analyst

by | Jul 24, 2025

  • Anywhere

Job Title:  Tier 2 Cyber Incident Response Team (CIRT) Analyst
Location: Beltsville, MD/Rosslyn, VA
Terms: Full-time; 0600 – 1400 EST Shift, Tuesday – Saturday
Requirements: Must be a U.S. Citizen with Active Security Clearance 

About the Role

Cyber Management International Corporation is actively recruiting highly motivated IT Security professionals looking for challenging, exciting work in support of the U.S. Department of State (DOS). Specifically, our customer is the Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS). DS/CTS is a center of excellence that brings together cybersecurity, technology security, and investigative expertise as a unified security capability focused on solving critical and emerging issues enabling the State Department to fulfill its vital global mission.   

The Cyber Incident Response Team (CIRT) uses a combination of network, host-based, on-premises and cloud security tools to perform near real-time detection, collection, analysis, correlation and reporting of system security events that pose a threat to the Department’s networks, data, and assets. The mission of the CIRT is to work closely with internal and external entities to:   

  • Monitor all available Department computer environments for malicious activity;   
  • Respond to and assist with the resolution of any suspected or successful cyber security breach or violation;   
  • Share knowledge and intelligence gained from cyber security events with stakeholders; and   
  • Protect against and prevent potential cyber security threats and vulnerabilities.   

Responsibilities 

  • Detect, classify, process, track, and report on cyber security events and incidents. 
  • Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment. 
  • Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity. 
  • Characterize and analyze network traffic to identify anomalous activity and potential threats. 
  • Protect against and prevent potential cyber security threats and vulnerabilities. 
  • Perform forensic analysis of hosts artifacts, network traffic, and email content. 
  • Analyze malicious scripts and code to mitigate potential threats. 
  • Conduct malware analysis to generate IOCs to identify and mitigate threats. 
  • Collaborate with Department of State teams to analyze and respond to events and incidents. 
  • Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email inboxes. 
  • Create tickets and initiate workflows as instructed in technical SOPs. 
  • Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA). 
  • Collaborate with other local, national and international CIRTs as directed. 
  • Submit alert tuning requests. 

 

Qualifications: Basic Requirements 

  • Bachelor’s degree and a minimum of 2 years of relevant experience, or a High School diploma and 6 years of relevant experience. 
  • Must possess at least one of the following certifications prior to start date: 
  • CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP 
  • Demonstrated experience in the Incident Response lifecycle. 
  • Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow, Splunk SOAR, Microsoft Sentinel). 
  • Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Microsoft Sentinel, Elastic, Q-Radar). 
  • Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE, ElasticXDR, CarbonBlack, Crowdstrike). 
  • Knowledge of cloud security monitoring and incident response. 
  • Knowledge of integrating IOCs and Advanced Persistent Threat actors. 
  • Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques. 
  • Knowledge of malware analysis techniques. 
  • Knowledge of the MITRE ATT&CK and D3FEND frameworks. 
  • U.S. citizenship required. 
  • Active Interim Secret clearance in order to start. 

Preferred Qualifications: 

  • Proficiency with Splunk for security monitoring, alert creation, and threat hunting. 
  • Knowledge of Microsoft Azure access and identity management. 
  • Proficiency with Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations. 
  • Experience in using digital forensics collection and analysis tools (e.g. Autopsy, MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility). 
  • Experience with using ServiceNow SOAR for ticketing and automated response. 
  • Knowledge of Python, PowerShell and BASH scripting languages. 
  • Experience with cloud security monitoring and incident response. 
  • Demonstrated ability to perform static/dynamic malware analysis and reverse engineering. 
  • Experience with integrating cyber threat intelligence and IOC-based hunting. 
  • Technical certifications such as: Security+, CySA+, Cloud+, Try Hack Me SAL1, Hack the Box CDSA, CyberDefenders, CCD, Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
  • Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.


About us
Cyber Management International Corp. (CyberMGT) is a rapidly growing Service-DisabledVeteran Owned Small Business (SDVOSB) providing all aspects of IT Management from strategy & design to engineering & development, through transition to operations & maintenance, with a focus on security throughout. Information Management is vital to our customers’ success… keeping it flowing and keeping it safe is our mission! We offer excellent compensation & benefits, and opportunity’s for a successful career. Come join us as we grow!  
 

For more information about our company, please visit www.cybermgt.com or email us at recruiting@cybermgt.com 

To apply for this job email your details to gavallask@cybermt.com