NIH - Incident Response Specialist at cFocus Software Incorporated – Rockville, Maryland

cFocus Software seeks a Incident Response Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical discipline.
• Minimum 2–5 years of experience supporting cybersecurity operations or incident response activities.
• Experience supporting incident response investigations and remediation activities.
• Familiarity with SIEM tools, log analysis, and threat detection technologies.
• Understanding of NIST cybersecurity frameworks and federal security requirements.
• Ability to analyze security alerts and investigate potential cybersecurity incidents.
• Strong analytical, documentation, and communication skills.

Duties:

• Monitor security alerts and respond to cybersecurity incidents affecting NCATS systems.
• Conduct incident triage, analysis, containment, eradication, and recovery activities.
• Coordinate incident response activities with NCATS IT teams, security leadership, and NIH cybersecurity teams.
• Maintain incident documentation and prepare incident response reports.
• Support development and improvement of incident response procedures and playbooks.
• Investigate and analyze security incidents to determine root cause, scope, and impact.
• Perform technical analysis of system logs, network activity, and endpoint data during investigations.
• Coordinate containment and remediation actions for identified incidents.
• Maintain incident tickets and track investigation progress.
• Develop post‑incident analysis reports and recommend improvements to strengthen defenses.
• Support operational cybersecurity monitoring and response activities.
• Assist with security monitoring tools such as SIEM, intrusion detection systems, and endpoint protection systems.
• Participate in threat hunting and vulnerability mitigation activities.
• Provide technical support for incident response exercises and security testing activities.
• Support secure firewall management and network security monitoring activities.
• Assist with implementation of firewall rules following least‑privilege and default‑deny principles.
• Participate in firewall rule reviews and validation of network traffic logs.
• Support monitoring of network segmentation controls and security zones.
• Validate logging configurations to ensure compliance with federal logging requirements.