Location: On-site in Hines, IL Martinsburg, WV, or Austin, TX
Required Clearance: Ability to obtain Tier 4 / High Risk Background Investigation
Required Education: Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (or equivalent work experience)
Required Experience: 3+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)
Description
PingWind is seeking a Cyber Incident Response Tier II Analyst to support our VA customer at Hines, IL Martinsburg, WV, or Austin, TX.
Certifications: Must currently have or be willing to obtain one of the following certifications (or equivalent):
• GIAC Certified Incident Handler
• EC-Council’s Certified Incident Handler (ECIH)
• GIAC Certified Incident Handler (GCIH)
• Incident Handling & Response Professional (IHRP)
• Certified Computer Security Incident Handler (CSIH)
• Certified Incident Handling Engineer (CIHE)
• EC-Council’s Certified Ethical Hacker
Responsibilities
• Perform real-time monitoring and triage of security alerts in Cybersecurity toolsets including SIEM, and EDR
• Make accurate determination of what alerts are false positives or require further investigation and prioritization
• Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents. Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent future occurrences
• Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned. Collaborate with knowledge management teams to maintain up-to-date incident response playbooks
• Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators. Clearly communicate technical information and incident-related updates to management and stakeholders
• Identify and action opportunities for tuning alerts to make the incident response team more efficient
• Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy
• Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes, including enrichment, containment, and remediation actions
• Support the mentoring and training of more junior IR staff
• Stay informed about the latest cybersecurity threats, trends, and best practices. Actively participate in cybersecurity exercises, drills, and simulations to improve incident response capabilities
Requirements
• Work 100% on-site Tuesday through Saturday
• A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure our SOC operates effectively in a high-pressure environment
• Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools
• Experience with enterprise ticketing systems like ServiceNow
• Excellent analytical and problem-solving skills
• Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight
• Ability to learn and function in multiple capacities and learn quickly
• Strong verbal and written communication skills
Preferred Qualifications
• Ability to investigate Indicators of Compromise (IOCs) using Splunk by correlating logs from multiple sources to detect, trace, and assess threat activity across the enterprise
• Experience leveraging Microsoft Defender for Endpoint (MDE) to perform endpoint investigations, analyze process trees, and validate IOCs during active threat scenarios
• Ability to remediate phishing incidents, including analysis of email headers, links, and attachments, identifying impacted users, and executing containment actions such as user lockouts, email quarantine, and domain blacklisting
• Experience performing root cause analysis of malware leveraging PowerShell, using tools such as MDE advanced hunting (KQL) and Splunk to identify infection paths, attacker behavior, and persistence mechanisms
About PingWind
PingWind is focused on delivering outstanding services to the federal government. We have extensive experience in the fields of cybersecurity, development, IT infrastructure, supply chain management and other professional services such as system design and continuous improvement. PingWind is an SBA certified Service-Disabled Veteran-Owned Small Business (SDVOSB) with offices in Northern Virginia and Huntsville AL. www.PingWind.com
Our benefits include:
• Paid Federal Holidays
• Robust Health & Dental Insurance Options
• 401k with matching
• Paid vacation and sick leave
• Continuing education assistance
• Short Term / Long Term Disability & Life Insurance
• Employee Assistance Program through Sun Life Financial EAP Guidance Resources
Veterans are encouraged to apply
PingWind, Inc. does not discriminate in employment opportunities, terms, and conditions of employment, or practices on the basis of race, age, gender, religious or political beliefs, national origin or heritage, disability, sexual orientation, or any characteristic protected by law
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Join PingWind as a Business Development Intern and support our growth initiatives while gaining invaluable experience.
Join PingWind as a Configuration Management Specialist and contribute to vital U.S. military operations at Naval Base Guantanamo Bay.
Become a vital part of our team as an IaaS Administrator, where you'll manage and optimize our virtualized infrastructure within a Private Cloud environment.
Join NBCUniversal as a Staff Cyber Security Engineer and play a crucial role in enhancing the security architecture across various technologies.
Join TransUnion as a Senior Advisor Red Team, where you'll leverage your expertise in cybersecurity to safeguard against threats in a dynamic remote environment.
Step into a pivotal leadership role as Head of Security at Zipline, driving innovative cybersecurity practices in a transformative logistics company.
Join CommonSpirit Health as an IT Systems Engineer and play a critical role in improving healthcare through technology innovation.
Join our team as a Database Administrator where you will manage and optimize Oracle database systems.
Join A.P. Moller - Maersk as a Senior Cyber Detection Engineer and drive the transformation of cybersecurity strategies in a pivotal role.
Join Viasat as a Secure Enterprise Engineer and utilize your expertise in network operations to support and enhance their encryption solutions.
Join Fastmarkets as an Application Support Analyst and play a crucial role in ensuring the reliability of digital applications within a fast-paced company.
Elevate your career as an AI-ML Solution Architect leading transformative initiatives in healthcare and transportation with a hybrid work opportunity.
We are seeking a dedicated Managed Services Engineer L1 to provide exceptional support and ensure seamless operation for our clients.
Elevate your career as a Salesforce Architect with Employer.com, specializing in innovative recruitment solutions.
Step into a strategic role at Axogen as the Vice President of Information Technology, where you will shape the future of IT in a high-growth MedTech company.
Subscribe to Rise newsletter