Cyber Defense Incident Responder – NTRCEPT Lead
BCE OFFUTT AFB NE, United States
Full Time | Senior-level / Expert | Clearance required | USD 90K - 199K
CACI International Inc
CACI is seeking a seasoned and dedicated Cyber Defense Incident Responder – NTRCEPT Lead to join our highly skilled team supporting the U.S. Strategic Command (USSTRATCOM) Cybersecurity Service Provider (CSSP). This critical role directly aligns with the DoD 8140 Cyber Workforce Framework work role for Cyber Defense Incident Responder (ID: 531) at the Advanced level. The successful candidate will be responsible for investigating, analyzing, and responding to complex cyber incidents within the network environment. This includes leading incident handling activities, performing forensic analysis, coordinating remediation efforts, and enhancing overall security posture. This senior technical leadership role is responsible for the overall management, operational effectiveness, and strategic direction of the CSSP team, ensuring the successful defense of critical networks. The NTRCEPT Lead will manage a multi-disciplinary team comprising cyber engineers, developers, analysts, and technicians. This position requires leadership availability and oversight, potentially including response coordination outside standard hours to support mission requirements and ensure continuous operations.
The Opportunity:
Join a CACI team where the mission is critical, and the team culture is paramount. We are building a positive, fun, collaborative, and light-hearted environment focused on collective success and individual growth. Our leadership is committed to:
Culture: Fostering an engaging workplace through gamified cyber concepts (tabletop exercises, Backdoors & Breaches card game), team contests, informative lunch-and-learn sessions, active participation in local youth cyber programs, and opportunities to attend leading industry conventions like DEFCON and BSIDES.
Training: Championing life-long learning. We prioritize robust training programs aligned with your career goals and DoD requirements. Our leadership provides mentorship and resources to ensure continuous professional development, crucial for mastering incident response techniques.
Talent Management: Investing in your future. Every team member receives a detailed and fully customized Individual Development Plan (IDP). We facilitate cross-training and exploration of different roles within CACI, ensuring you remain challenged, engaged, and never bored.
This is more than just a job; it's an opportunity to be at the forefront of defending national security assets against cyber threats while advancing your career in a supportive and dynamic environment.
Responsibilities:
As the NTRCEPT Lead, you will provide overall leadership and management for the NTRCEPT team and its functions, including but not limited to:
Leadership & Team Management: Lead, manage, mentor, and develop a diverse team of cybersecurity professionals (engineers, developers, analysts, technicians). Foster a collaborative and high-performing team environment. Oversee staffing, resource allocation, and performance management for the CSSP team.
Incident Management & Triage: Lead and coordinate incident response functions. Perform initial triage of alerts and potential incidents to determine scope, urgency, and potential impact. Track incidents from detection through resolution.
Forensic Analysis: Perform forensically sound collection of digital evidence (disk images, memory captures, logs) according to standard procedures. Analyze intrusion artifacts (malware, source code) and logs from various sources (host, network, firewall, IDS) to identify attack vectors, TTPs, and compromised systems.
Incident Handling: Execute real-time incident handling tasks, including containment, eradication, and recovery coordination. Perform damage assessments and identify specific vulnerabilities exploited.
Malware Handling: Identify, capture, contain, and report malware. Utilize malware analysis concepts and methodologies to understand threat capabilities.
Coordination & Communication: Coordinate with internal teams (SOC analysts, threat hunters, system administrators) and external stakeholders to resolve incidents and improve security posture. Provide expert technical support and serve as a liaison to other organizations as needed.
Reporting & Documentation: Write and publish detailed incident reports, technical guidance, and After Action Reviews (AARs). Ensure reporting meets JFHQ-DODIN timelines per CJCSM 6510.01B. Brief technical findings to leadership and relevant constituencies.
Security Enhancement: Correlate incident data to identify trends and vulnerabilities. Develop recommendations for security tool tuning and configuration changes. Work with stakeholders to implement security improvements.
Threat Hunting: Proactively hunt for indicators of compromise and anomalous activity based on threat intelligence and incident analysis findings.
Research & Development: Maintain currency on cyber threats, incident response methodologies, forensic techniques, and relevant tools. Monitor external data sources for actionable intelligence.
Additional Duties: Perform other related duties as assigned by leadership to meet mission requirements and support USSTRATCOM objectives. Depending on experience and team structure, this role may involve working under direct supervision or potentially providing guidance, training, or supervision to others.
Compliance & Reporting Oversight: Ensure all CSSP activities comply with relevant DoD directives (including CJCSM 6510.01B reporting requirements), policies, and legal/regulatory standards. Oversee the generation and delivery of required reports.
Risk Management: Oversee risk management activities within the CSSP's purview. Advise leadership on identified risks and recommend mitigation strategies. Ensure security best practices are implemented and maintained.
Technical Oversight & Guidance: Provide high-level technical guidance and direction to the team. Ensure the effective implementation and tuning of cybersecurity tools and technologies, making recommendations based on operational needs and risk posture.
Budget & Resource Management: Contribute to budget planning and manage allocated resources effectively to meet CSSP operational requirements and strategic goals.
Incident Management Oversight: Provide leadership oversight during major cybersecurity incidents, ensuring effective coordination, response, and reporting.
Additional Duties: Perform other related strategic and leadership duties as assigned to meet mission requirements and support USSTRATCOM objectives.
Qualifications:
Required Certifications (Must possess one):
GIAC Certified Incident Handler (GCIH)
(ISC)² Certified Incident Response Professional (IRP)
EC-Council Certified Incident Handler (E|CIH)
Conditional Alternative Certifications (Considered):
Offensive Security Certified Expert (OSCE)
Offensive Security Experienced Penetration Tester (OSEP)
Offensive Security Exploit Developer (OSED)
Offensive Security Web Expert (OSWE)
GIAC Reverse Engineering Malware (GREM)
Education & Experience:
Bachelor's degree (BS) in Information Technology, Cybersecurity, Computer Science, or a related technical field is required.
A minimum of 10 years of relevant, progressive cybersecurity experience is preferred, with a strong emphasis on incident response, digital forensics, malware analysis, or network security.
Proven experience working in a Security Operations Center (SOC) or CSSP environment, particularly in an incident response capacity, is highly desirable.
Expert-level knowledge of incident response methodologies, computer networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), common attack vectors, and network/system security principles.
Demonstrated experience with incident response tools, SIEM platforms, EDR solutions, forensic analysis tools (e.g., EnCase, FTK, Volatility), and packet capture analysis tools (e.g., Wireshark).
Knowledge of malware analysis concepts, tools, and techniques.
Familiarity with scripting languages (e.g., Python, PowerShell) for analysis and automation is a plus.
Strong understanding of evidence handling and chain of custody procedures.
Exceptional analytical, critical thinking, and problem-solving skills under pressure.
Expert-level knowledge of cybersecurity principles, frameworks (NIST CSF, RMF), standards, and best practices.
Deep understanding of CSSP functions, requirements, and relevant DoD directives (e.g., CJCSM 6510.01B).
Strong strategic planning, organizational, program management, and problem-solving skills.
Exceptional leadership, communication (written, verbal, presentation), and interpersonal skills, with the ability to effectively engage with senior leadership, technical teams, and external partners.
Must be available to provide leadership oversight and support outside standard hours as required by mission needs or significant incidents.
Must possess an active or be eligible to acquire Top Secret w/ SCI security clearance.
________________________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
Your potential is limitless. So is ours.
________________________________________________________________________________________
Pay Range: A host of factors can influence final salary, including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits, and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$90,700 - $199,600
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.