Cyber Information Response Team (CIRT) Analyst

About the position At GDIT, we are passionate about securing and supporting some of the most challenging government, defense, and intelligence missions. As part of our team, your work will have meaning and impact, helping to make today safer and tomorrow smarter. Join a culture that values autonomy, collaboration, and delivering your best every day. GDIT has an opening for a CIRT Analyst supporting the Army National Guard (ARNG) as part of the GECOS program. This position is part of an IT Service Management contract that includes the operation, modernization, expansion, and evolution of the ARNG’s global IT services. These services span networking, compute, storage, infrastructure, cybersecurity, applications, hosting, and program management. GECOS operates within the ITIL framework to deliver high-quality IT services to the ARNG, and this role is a critical part of ensuring the security and success of that mission. HOW A CIRT ANALYST WILL MAKE AN IMPACT: Collect and analyze network and/or host artifacts from various sources, including logs, system images, and packet captures, to: characterize activity, determine the root cause and operational impact, and enable rapid remediation and/or mitigation of cyber threats. Perform triage of cyber incidents, identifying scope, urgency, and potential impact. Provide technical support for real-time cyber defense incident handling tasks. Proactively identify and recommend mitigations for vulnerabilities. Demonstrate effectiveness through handling Red Team activity and investigation. Manage, document, and track cyber defense incidents from detection to resolution. Update and maintain Incident Response tactics, techniques, procedures, and training documentation. Prepare and conduct training courses related to incident response at least four times per calendar year. Support efforts to maintain the customer's CSSP (Cyber Security Service Provider) accreditation, including documentation and technical writing. Rapidly respond to time-sensitive security events and work collaboratively under tight deadlines. Participate in cross-functional teams and meetings to improve cybersecurity posture. Provide on-call and after-hours support as needed. Proficiency in collecting and analyzing logs, system images, and other artifacts. Investigating and resolving cybersecurity incidents. Strong understanding of cybersecurity concepts, including mitigation strategies, root cause analysis, and Red Team operations. Familiarity with current cyber defense tools and technologies. Excellent oral and written communication skills for both technical and non-technical audiences. Strong organizational skills for multitasking and meeting deadlines. Ability to work independently, adapt to fast-paced environments, and solve complex problems. Collaborative mindset with strong customer service skills. Dependability, punctuality, and responsiveness to management. Attention to detail, problem-solving capabilities, and analytical thinking. Ability to build trust, credibility, and strong working relationships with both customers and team members.

Responsibilities

• Collect and analyze network and/or host artifacts from various sources, including logs, system images, and packet captures, to: characterize activity, determine the root cause and operational impact, and enable rapid remediation and/or mitigation of cyber threats.
• Perform triage of cyber incidents, identifying scope, urgency, and potential impact.
• Provide technical support for real-time cyber defense incident handling tasks.
• Proactively identify and recommend mitigations for vulnerabilities.
• Demonstrate effectiveness through handling Red Team activity and investigation.
• Manage, document, and track cyber defense incidents from detection to resolution.
• Update and maintain Incident Response tactics, techniques, procedures, and training documentation.
• Prepare and conduct training courses related to incident response at least four times per calendar year.
• Support efforts to maintain the customer's CSSP (Cyber Security Service Provider) accreditation, including documentation and technical writing.
• Rapidly respond to time-sensitive security events and work collaboratively under tight deadlines.
• Participate in cross-functional teams and meetings to improve cybersecurity posture.
• Provide on-call and after-hours support as needed.

Requirements

• 4 + years of related experience
• US Citizenship Required: Yes
• Proficiency in collecting and analyzing logs, system images, and other artifacts.
• Investigating and resolving cybersecurity incidents.
• Strong understanding of cybersecurity concepts, including mitigation strategies, root cause analysis, and Red Team operations.
• Familiarity with current cyber defense tools and technologies.
• Excellent oral and written communication skills for both technical and non-technical audiences.
• Strong organizational skills for multitasking and meeting deadlines.
• Ability to work independently, adapt to fast-paced environments, and solve complex problems.
• Collaborative mindset with strong customer service skills.
• Dependability, punctuality, and responsiveness to management.
• Attention to detail, problem-solving capabilities, and analytical thinking.
• Ability to build trust, credibility, and strong working relationships with both customers and team members.
• Bachelor’s degree in information technology, computer science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
• 4+ years of practical experience in a Cybersecurity, Engineering, T&E, or A&A-related field.
• Prior experience with cyber incident response, especially on DoD networks; digital forensics
• Must Possess the appropriate baseline certification(s) to achieve a minimum of DoD 8570.01-M Information Assurance Technical (IAT) Level II (i.e., CompTIA Security+ CE) prior to start.
• Will need to obtain an additional computing environment certification within six-months of hire based on position designation. (i.e., CEH, CCNA-Security, CND, etc.). Candidate may have further discussions with the program’s Cyber Security Manager for more details. When 8140 requirements are implemented on program/contract, employees will need to conform to 8140 certification standards.
• Active SECRET security clearance required and must be maintained.

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• competitive pay and paid time off
• full flex work weeks where possible
• a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance

Apply tot his job Apply To this Job