Job Description
Insight Global is seeking an Incident Response Officer to support Air Force (AF) network security operations by detecting, investigating, and responding to cyber threats. This role is critical to protecting mission-essential systems and supporting real-time cyber defense operations across Air Force networks.
You will be on the front lines of incident response, working closely with mission leadership, analysts, and law enforcement partners to identify, contain, and remediate cyber threats.
Key responsibilities include:
Detect and investigate suspicious or malicious activity on Air Force networks to determine the type, scope, and impact of potential intrusions
Open and manage network intrusion investigations to validate unauthorized activity
Perform full incident response actions, including preparation, identification, containment, eradication, recovery, and lessons learned
Support both planned and rapid-response incident deployments as required
Conduct cyber investigations to identify initial attack vectors, intrusion timelines, threat actors, and affected systems
Develop containment and remediation recommendations for leadership approval
Author, review, and maintain detailed incident reports and mission documentation
Generate end-of-mission reports and provide clear pass-down information to oncoming analyst crews to ensure continuity of operations
Provide technical cyber defense support to Air Force Office of Special Investigations (OSI), law enforcement, and counter-intelligence partners when required
Assist Air Force field units in reducing vulnerabilities, minimizing risk, and improving overall security posture
Monitor host-based and network-based events to determine when deeper analysis or escalation is required
Comply with third-party monitoring, reporting, and information-sharing agreements (MOU/MOA)
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
Active TS/SCI
GCFA Cert required (GIAC Certified Forensic Analyst) - GCFA requirement can be excused if a candidate has a multitude of SANS Certs (4-5+)
Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e-mail, domain controller, file server, Active Directory) and analysis of their logs; extensive knowledge of digital evidence collection, handling and security
Experience with computer incident response and analysis and report dissemination
Extensive knowledge and experience with network packet capture and analysis software such as Wireshark (Ethereal) and Snort
Experience with standard DoD network topology and DMZ boundary protection
Experience with system analysis software (i.e. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment
Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)
BA/BS or MA/MS