
Senior Cyber Defense Incident Responder (L3)

Greensboro, North Carolina, United States

We’re ALTEN Technology USA, an engineering company helping clients bring groundbreaking ideas to life—from advancing space exploration and life-saving medical devices to building autonomous electric vehicles. With 3,000+ experts across North America, we partner with leading companies in aerospace, medical devices, robotics, automotive, commercial vehicles, EVs, rail, and more.

As part of the global ALTEN Group—57,000+ engineers in 30 countries—we deliver across the entire product development cycle, from consulting to full project outsourcing.

When you join ALTEN Technology USA, you’ll collaborate on some of the world’s toughest engineering challenges, supported by mentorship, career growth opportunities, and comprehensive benefits. We take pride in fostering a culture where employees feel valued, supported, and inspired to grow.

As a Senior Cyber Defense Incident Responder within the Global Cybersecurity Operations Center (CSOC), you will play a crucial role as a key technical expert responsible for managing and responding to advanced cyber threats, conducting in-depth investigations, and supporting the overall security posture of The Company. This role combines hands-on technical expertise with mentoring responsibilities, ensuring effective threat detection, incident response, and continuous improvement of SOC capabilities.

What You Will Do:

  • Analyze and respond to complex security incidents and alerts generated by SOC tools (e.g., SIEM, EDR, IDS/IPS)
  • Investigate and resolve escalated incidents from Level 1 and Level 2 analysts, ensuring swift containment and remediation
  • Lead investigations into cybersecurity incidents, including malware infections, data breaches, and insider threats
  • Perform digital forensics to collect, analyze, and preserve evidence for legal or compliance requirements
  • Provide incident reports with detailed root cause analyses and actionable recommendations
  • Use threat intelligence to identify patterns and indicators of compromise (IOCs) relevant to the organization
  • Work closely with junior analysts to provide guidance, training, and mentorship, fostering a culture of growth and knowledge-sharing
  • Collaborate with IT, cybersecurity, and business stakeholder teams to implement and improve security controls
  • Support the continuous improvement of SOC processes, tools, and technologies to enhance efficiency and effectiveness
  • Identify gaps in detection and response capabilities and recommend improvements to SOC leadership

Job Requirements

Details:

In this role, you will bring:

  • Bachelor's degree in Computer Science or a related 4-year technical degree
  • Minimum 7 years of experience in supporting cyber defense operations in highly complex enterprise networks. Experience in SOC, SIRT, or CSIRT capacities
  • One or more of the following certifications: GIAC Certified Intrusion Analyst, GCIH Certified Incident Handler, GCIA Certified Intrusion Analyst, CISSP
  • Experience in enterprise cybersecurity environment investigating targeted intrusions through complex network segments
  • Expert understanding of Advanced Persistent Threat (APT), Cybercrime, and Hacktivist tactics, techniques, and procedures (TTPs)
  • Subject Matter Expert in cybersecurity principles, threat lifecycle management, incident management
  • Comprehensive knowledge of various operating systems (Windows, OS X, Linux), network protocols, and application layer protocols
  • Demonstrable experience in scripting languages (may include PowerShell, Python, Perl, etc.)
  • Understanding of the Cyber Kill Chain methodology, the NIST framework, the MITRE ATT&CK framework, and SANS Critical Security Controls
  • Working knowledge in modern cryptographic algorithms and systems
  • Experience working with and tuning signatures, rules, and security technologies (IDS/IPS, SIEM, sandboxing tools, EDR, email security platforms, user behavior analytics)
  • Network design knowledge including security architecture
  • Strong analytical and technical skills in network defense operations including experience with incident handling (detection, analysis, triage)
  • Conceptual understanding of cyber threat hunting
  • Prior experience in, and ability to perform, analysis of cybersecurity events to determine true positives and false positives, including cybersecurity alert triage, incident investigation, implementing countermeasures, and managing incident response
  • Previous experience with SIEM platforms and log aggregation systems that perform collection, analysis, correlation, and alerting
  • Ability to develop rules, filters, views, signatures, countermeasures, and other cyber defense platforms as well as the ability to support analysis and detection continual improvement
  • Knowledge of new and emerging cybersecurity technologies
  • Ability to create technical documents as well as stakeholder sitreps and briefing documents 


Preferred Qualifications: 

  • Deep Cybersecurity Operations Center experience in the following: intelligence driven detection, security principles, threat lifecycle management, incident management, digital forensics and investigations, network monitoring, endpoint monitoring, OT security principles
  • CSOC Process Management experience, to include: process and procedure management, CSOC initiative management, continual operational improvement
  • Preferred certifications: CISSP, GCIH, GCIA, Linux+, CCNA, CCNP
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to both business leaders/key stakeholders as well as technical teams and SMEs
  • Demonstrated knowledge in cyber defense policies, procedures, and regulations
  • Knowledge of cyber vulnerability management processes
  • Knowledge of common user and system authentication and authorization mechanisms  

Work schedule:

  • M-F, 2pm to 10pm Eastern time
  • Training (During first month of the job): M-F, 10am to 6pm Eastern time

The actual salary offered is dependent on various factors including, but not limited to, location, the candidate’s combination of job-related knowledge, qualifications, skills, education, training, and experience.

ALTEN Technology is an Equal Opportunity Employer. Our policy is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual’s age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status.

Please beware of job seeker scams and see this important notice on our careers page for more information about our recruiting process.

Compliance Notice: Alten USA is a federal contractor subject to the requirements of the Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) and Executive Order 11246. We are an Equal Opportunity Employer and consider all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Drug Screening Requirement: As a federal contractor, Alten USA maintains a drug-free workplace. All candidates selected for employment will be required to successfully complete a pre-employment drug screening as a condition of hire.
