Incident Response Lead

About

Apex Systems is seeking a highly motivated and experienced Incident Response Lead to serve as the NGDC SOC’s technical authority during active cybersecurity incidents across hybrid cloud and on-prem environments. You will direct responders, coordinate with enterprise stakeholders, and drive rapid containment and eradication of threats targeting the NGDC and FTII platforms. This role is ideal for a seasoned IR professional with strong investigative leadership, decisive problem-solving under pressure, and a passion for elevating SOC maturity.

Operational Leadership

• Direct and execute the full incident response lifecycle — detect, analyze, contain, eradicate, recover, and post-incident improvement
• Act as lead investigator for high-severity incidents, driving scoping, timelines, and decision logs
• Maintain situational awareness and provide clear, timely updates to SOC leadership, Cyber Engineering, ISSO, and FSA stakeholders
• Lead technical coordination with Cloud, Network, Identity, and System Administration teams during active response
• Serve as escalation decision authority for containment actions and service disruption trade-offs

Technical Investigation & Forensics

• Lead host/network/cloud DFIR investigations; guide analysts in EDR, SIEM, and NDR tool usage
• Validate and evaluate IOCs/IOAs, malware, credential abuse, lateral movement, and persistence mechanisms
• Ensure evidence integrity and documentation meets audit and legal standards

Preparedness & Program Maturity

• Maintain and continuously enhance IR playbooks, runbooks, and operational workflows
• Lead incident readiness activities (tabletops, purple team exercises, threat hunt planning)
• Translate lessons learned into proactive detection content and security control improvements
• Mentor and technically develop SOC Analysts and supporting engineering roles

Collaboration & Cross-Functional Coordination

• Partner with FSA SOC, EDSOC, CISA, and third-party responders when required
• Coordinate communications with Legal, ISSOs, Public Affairs, and leadership during incidents
• Represent NGDC SOC in briefings with senior government leadership (CISA HVA, DoED, FSA)

Required Qualifications

• 10-12 years of hands-on cybersecurity experience within a SOC, including 6+ years in incident response or DFIR roles
• Demonstrated ability to lead major incidents affecting cloud infrastructure (AWS)
• Strong command of:
  • Digital forensics methodologies (host, network, and cloud)
  • Log and SIEM analysis (e.g., Splunk)
  • EDR platforms (e.g., Trellix)
  • Network analytics and packet capture fundamentals
• Deep familiarity with MITRE ATT&CK, NIST SP 800-61, and cyber kill chain frameworks
• Excellent communication and situational leadership skills — able to brief executives under pressure
• U.S. Citizenship, must obtain Public Trust 6C.

Desired Qualifications

• Relevant certifications, such as:
  • GCIA, GCFA, GCFE, GNFA, GCIH, GDAT
  • Other vendors: Cybersecurity IR or forensic-focused certifications
• Experience mentoring responders and maturing SOC/IR capabilities
• Experience with MITRE ATT&CK, Threat Intelligence, Threat Hunting, Enterprise Logging, Cloud IR

About Everforth Apex

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details.

Benefits Overview

Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.