Principle Incident Handler

About ARSIEM Corporation
At ARSIEM Corporation we are committed to fostering a proven and trusted partnership with our government clients.  We provide support to multiple agencies across the United States Government.  ARSIEM has an experienced workforce of qualified professionals committed to providing the best possible support.
As demand increases, ARSIEM continues to provide reliable and cutting-edge technical solutions at the best value to our clients.  That means a career packed with opportunities to grow and the ability to have an impact on every client you work with. 
ARSIEM Corporation is seeking a highly skilled Principal Incident Handler (IH-P) to lead cyber incident response operations in a fast-paced, mission-critical environment. As the senior-most responder on the team, you’ll provide technical oversight, mentor junior analysts, and serve as a strategic advisor to the Cyber Security Operations Center (CSOC) leadership. This position will support one of our government clients in Monterey, CA.

Responsibilities

• Lead and guide Tier I and II analysts during active incidents, ensuring high-quality response and knowledge transfer.
• Drive updates to incident handling SOPs and evaluate access, tools, and workflows to support full-spectrum cyber defense.
• Oversee incident response from alert to resolution, including detection, triage, analysis, containment, and remediation.
• Conduct root cause analysis and present findings to stakeholders, including the CSOC Manager, ISSM, and CISO.
• Ensure digital evidence is preserved properly and in accordance with legal/operational standards.
• Recommend enhancements to security tooling and lead technical coordination with engineering and forensics teams.

Minimum Qualifications

• 7+ years in incident response, malware analysis, or cyber forensics.
• Bachelor's degree in CS, Engineering, Cybersecurity, or related field.
• Demonstrated experience guiding technical teams through complex cybersecurity incidents.
• Deep familiarity with detection technologies (SIEM, IDS/IPS), network protocols, malware containment, and threat analysis.
• Strong written and verbal communication skills, including incident reporting and executive briefings.
• Strong understanding of network protocols (e.g., TCP/IP, DNS), security architecture, and traffic analysis
• Strong understanding of threat actor behaviors, attack stages, and common vulnerabilities
• Strong understanding of host/network intrusion detection, malware handling, and secure system administration
• Strong understanding of cloud service models and how they affect response strategies
• Strong understanding of cybersecurity frameworks, privacy principles, and risk mitigation
• Relevant industry certifications (e.g., CISSP, GCIA, GCIH, CEH) preferred but not required.

Clearance Requirement: This position requires an active Top Secret clearance. You must be a US Citizen for consideration. Candidate Referral: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The bonus for this position is $3,500, and the referrer is eligible to receive the sum for any applicant we place within 12 months of referral. The bonus is paid after the referred employee reaches 6 months of employment.
ARSIEM is proud to be an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.