Computer Network Defense Incident Manager III

Computer Network Defense Incident Manager III

Location: Arlington, VA (On-Site)

Citizenship: US only

Clearance: Active TS/SCI (DHS EOD Suitability required)

Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)

About Argo Cyber Systems

Argo Cyber Systems provides mission-critical cybersecurity support to U.S. Government agencies and critical infrastructure owners nationwide. Our teams deliver rapid incident response, advanced forensics, and coordinated recovery operations to protect vital systems from evolving cyber threats. We combine technical precision with operational agility-helping federal partners identify, contain, and recover from complex cyber incidents with speed and confidence.

Argo Cyber Systems is seeking an experienced Cyber Incident Manager - Computer Network Defense to lead and coordinate incident response operations for a high-profile U.S. Government customer. The Incident Manager will oversee the triage, analysis, and resolution of cybersecurity events across federal civilian networks and critical assets. This role requires a mix of technical depth, investigative skill, and the ability to synthesize complex data into actionable recommendations for both technical and executive audiences.

Role and Responsibilities

• Lead and manage incident response and cyber defense operations, ensuring timely containment, eradication, and recovery.
• Correlate and analyze incident data to identify trends, adversary tactics, and systemic vulnerabilities.
• Conduct Computer Network Defense (CND) triage, assessing scope, urgency, and operational impact of security events.
• Develop and recommend Defense-in-Depth strategies, layered defense architectures, and resilience improvements.
• Research and document resolutions and mitigations to support enterprise recovery and strengthen future defenses.
• Apply cybersecurity and threat intelligence concepts to detect, analyze, and respond to intrusions in both small and large-scale network environments.
• Monitor and assess external threat data sources to maintain situational awareness and anticipate potential impacts to the enterprise.
• Lead the investigation of incident root causes, infection vectors, and attacker methodologies.
• Receive, analyze, and validate security alerts from enterprise monitoring tools, escalating as appropriate.
• Track and document all incident response activities from detection through closure, ensuring comprehensive reporting and lessons learned.
• Support continuous improvement by refining processes, updating playbooks, and mentoring junior analysts.

Qualifications, Education and Skills Requirements

• U.S. Citizenship (required)
• Active TS/SCI clearance (required)
• Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related discipline
• Ability to obtain DHS Entry on Duty (EOD) Suitability
• 5+ years of hands-on experience in cyber incident management or SOC/DFIR operations
• Deep understanding of incident response methodologies, containment strategies, and recovery workflows
• Working knowledge of NIST SP 800-61 Rev.2 (Computer Security Incident Handling Guide) and FISMAincident reporting standards
• Strong ability to analyze, prioritize, and document incidents, including phishing, lateral movement, and privilege escalation cases
• Comprehensive understanding of cyberattack lifecycle stages and adversary tactics, techniques, and procedures (TTPs)
• Proficiency in identifying vulnerabilities, threat vectors, and exploitation patterns
• Knowledge of operating system hardening, network defense, and system administration fundamentals
• Familiarity with nation-state, criminal, and opportunistic threat actor profiles and their operational tradecraft
• Excellent communication, coordination, and leadership skills in high-pressure, mission-driven environments

Additional Desires and Considerations

• Proficiency with enterprise SIEM, EDR, and incident management platforms (e.g., Splunk, SentinelOne, CrowdStrike, ServiceNow)
• Experience leading shift-based operations or 24x7 response teams
• Deep knowledge of malware, intrusion detection, and threat hunting techniques
• Familiarity with log analysis, packet capture, and intrusion detection systems (IDS/IPS)
• Strong understanding of MITRE ATT&CK framework and cyber kill chain methodology
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Intrusion Analyst (GCIA/GCED)
• Certified Information Systems Security Professional (CISSP)
• Certified Cyber Forensics Professional (CCFP) or equivalent

• Shift work position; schedule determined upon start.

• ECP-1 rates apply.

• Must be available for onsite support during active incidents or surge operations.