Amentum · 7 hours ago
Senior Cyber Defense Analyst / Incident Responder IRES - SSFB
US-CO-Colorado Springs
Full-time
Onsite
Senior Level
$140K/yr - $150K/yr
6+ years expAmentum is seeking a Senior Cyber Defense Analyst / Incident Responder to support the Missile Defense Agency on the Integrated Research and Development for Enterprise Solutions contract. The role involves overseeing cybersecurity operations, performing incident response, and mentoring junior analysts to enhance the organization's cybersecurity posture.
Mechanical EngineeringSecurityTechnical Support
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Provide oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Cyber Defense and Incident Response program and serve as the primary POC for Jr and Mid Cyber Defense Analyst
Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM)
Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture
Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B
Lead event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting
Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody
Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture
Support a Cyber Defense Analyst and Cyber Defense Incident Responder training plan by instructing, evaluating, and mentoring Junior and Mid Cyber Defense Analyst and Cyber Defense Incident Responders
Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation
Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and develop SIEM content/signatures to detect known attack patterns and make recommendations for improvements
Coordinate with CSSP-CERT subscribers to develop current configurations, rules, and signatures for cyber security related toolsets
Coordinate with CSSP-CERT subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP-CERT alignment
Provide standardized and targeted training in support of CSSP-CERT subscriber cyber defense and incident response programs
Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines
Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations
Qualification
Required
Must have 6, or more, years of general (full-time) work experience
Must have 4, or more, years of combined experience performing the full life-cycle of incident response and enterprise-level monitoring and analysis of events
Must have 2, or more, years of experience in management or leadership in a team environment
Must have, or obtain within 6 months of hire, a DoD 8570.01-M IAT Level III certification with Continuing Education (CE) - (CASP+, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP)
Must have a DoD 8570.01-M CSSP Analyst and CSSP Incident Responder certifications (CEH or CySA+ cover both)
Must have an active DoD Secret Security Clearance
Must be able to obtain an active DoD Top Secret Security Clearance
Have experience with most MS Office applications (Word, Excel, PowerPoint, and Visio)
Be able to multi-task and prioritize various projects and assignments in a dynamic work environment in order to meet scheduled/unscheduled customer requests
Be willing to travel 25% of the time
Be willing to work rotating shifts in a 24/7 operational environment and respond quickly to emergencies as needed
Preferred
Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field
Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux)
Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc
Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred)
Have experience analyzing network and host-based threats (ESS preferred)
Be able to mentor and train personnel in an evolving, high-paced environment
Be familiar with DoD Security Operations Centers (SOC)
Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures
Have an active DoD Top Secret clearance
Benefits
Health, dental, and vision insurance
Paid time off and holidays
Retirement benefits (including 401(k) matching)
Educational reimbursement
Parental leave
Employee stock purchase plan
Tax-saving options
Disability and life insurance
Pet insurance
Company
Amentum
Amentum is a technology and engineering company for security, defense, and energy.
10001+ employees
Funding
Current Stage
Public CompanyTotal Funding
$321.16M2025-03-12Post Ipo Secondary· $321.16M
2024-09-27IPO
2020-01-01Private Equity
Leadership Team
Ajay Nagar
Vice President
Darren Burton
Chief People Officer
Recent News
2026-01-20
Company data provided by crunchbase