Cyber Incident Manager

Nightwing

Arlington · On-site · Full-time · Mid Level · Yesterday

About the role

About

Nightwing provides technically advanced full‑spectrum cyber, data operations, systems integration and intelligence mission support services to meet our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization. Nightwing brings disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.

Nightwing is supporting a U.S. Government customer to provide onsite incident response to civilian Government agencies and critical asset owners who experience cyber‑attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. Nightwing is seeking a Cyber Incident Manager to support this critical customer mission.

Responsibilities

  • Correlate incident data to identify specific trends in reported incidents.
  • Recommend defense‑in‑depth principles and practices (e.g., Defense in Multiple Places, layered defenses, security robustness).
  • Perform Computer Network Defense (CND) incident triage, determining scope, urgency, and potential impact.
  • Research and compile known resolution steps or workarounds to enable mitigation of potential CND incidents within the enterprise.
  • Apply cybersecurity concepts to detection and defense of intrusions into small and large‑scale IT networks; conduct cursory analysis of log data.
  • Monitor external data sources to maintain currency of CND threat conditions and determine which security issues may impact the enterprise.
  • Identify the cause of an incident and determine key questions for external entities to learn background and potential infection vectors.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes.
  • Track and document CND incidents from initial detection through final resolution; coordinate information with other organizational components.
  • A limited number of candidates may be hired for shift work and assigned to set schedules, triaging and researching incidents for Indicators of Compromise (IOCs) and escalating to specialized analysts.

Required Skills

  • U.S. Citizenship.
  • Active TS/SCI clearance.
  • Ability to obtain DHS Suitability.
  • 5+ years of directly relevant experience in cyber incident management or cybersecurity operations.
  • Knowledge of incident response and handling methodologies.
  • Familiarity with NIST 800‑62 (latest revision) and FISMA standards as they pertain to reporting incidents.
  • Ability to prioritize incidents, investigate and describe tactics used in phishing campaigns, and recognize gaps in incident reporting.
  • Knowledge of general attack stages (e.g., foot‑printing, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Knowledge of basic system administration and operating system hardening techniques, CND policies, procedures, and regulations.
  • Understanding of different operational threat environments (first‑generation script kiddies, second‑generation non‑nation‑state sponsored, third‑generation nation‑state sponsored).
  • Knowledge of system and application security threats and attack methods (e.g., buffer overflow, mobile code, cross‑site scripting, PL/SQL injections, race conditions, covert channel, replay, return‑oriented attacks, malicious code).

Desired Skills

  • Knowledge of different operational threat environments (first‑generation script kiddies, second‑generation non‑nation‑state sponsored, third‑generation nation‑state sponsored).
  • Knowledge of system and application security threats and attack methods (e.g., buffer overflow, mobile code, cross‑site scripting, PL/SQL injections, race conditions, covert channel, replay, return‑oriented attacks, malicious code).

Required Education

  • Bachelor’s degree in Incident Management, Operations Management, Cybersecurity, or a related field, or a high school diploma with 7‑9 years of incident management or cybersecurity experience.

Desired Certifications

  • GCIH, GCFA, GISP, GCED, CCFP, or CISSP.

Location

Arlington, VA.

Skills

Computer Network Defense, cyber incident management, cybersecurity operations, FISMA, NIST 800-62
