Job Description

Overview

Kforce has a client that is seeking an Incident Response Manager in Herndon, VA. This role leads cybersecurity incident detection, analysis, response, and recovery activities in a mission-critical environment, orchestrating incident response processes to rapidly contain and eradicate threats and drive continuous improvement across IT and OT infrastructures.

Responsibilities

• Lead end-to-end incident response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) for IT and OT systems
• Manage and coordinate a team of responders, analysts, and engineers during high-severity incidents
• Develop, maintain, and exercise Incident Response Plans (IRPs), Playbooks, and Runbooks tailored for OT/ICS environments
• Interface with DoD stakeholders, government program offices, and third-party vendors to ensure coordinated response activities
• Oversee forensic investigations including malware analysis, packet captures, log reviews, and OT protocol traffic analysis
• Lead threat-hunting operations in IT/OT environments to proactively detect advanced adversaries
• Ensure all incident reporting aligns with DoD RMF, NIST 800-61, CJCSM 6510, and CMMC requirements
• Maintain compliance with STIGs, DISA CCRI, and DoD Cybersecurity Service Provider (CSSP) standards
• Drive improvements in network segmentation, Zero Trust adoption, OT security monitoring, and detection capabilities
• Provide after-action reports, metrics, and executive briefings to leadership

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field (or equivalent experience)
• 8+ years of cybersecurity experience, with at least 3+ years in incident response management
• Proven expertise in OT/ICS environments (e.g., SCADA, PLCs, DCS, manufacturing, utilities, or military OT systems)
• Hands-on experience with SIEM platforms (Splunk, ELK, ArcSight), EDR tools, and forensic toolsets (EnCase, FTK, Volatility, Wireshark, GRR)
• Deep knowledge of MITRE ATT&CK and ATT&CK for ICS frameworks
• Familiarity with networking protocols (TCP/IP, Modbus, DNP3, OPC, CIP, Profinet, etc.) and their security risks
• Experience with malware reverse engineering concepts, digital forensics, and memory analysis
• Strong knowledge of DoD cybersecurity compliance frameworks (RMF, NIST, STIG, CMMC)
• Excellent leadership, communication, and coordination skills for cross-functional response teams

Pay and Benefits

The base pay range listed reflects what Kforce reasonably believes it would pay at posting. Actual pay will be based on skills and experience, and may be higher or lower. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off; hourly employees are not eligible for PTO unless required by law. Note: Pay is not considered compensation until earned, vested and determinable, and may be modified in Kforces discretion in accordance with applicable law.

This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking Apply Today you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Message frequency may vary and standard message and data rates may apply. You may opt out by using keywords such as STOP.

Additional information

Seniority level: Associate

Employment type: Full-time

Job function: Information Technology

Industries: IT Services and IT Consulting

Location notice: This job posting includes information about the role and responsibilities but may not reflect all duties associated with the position.

Job Tags

Similar Jobs