MAG Aerospace is staffing for a Senior Incident Response Analyst to support United States Special Operations Command (USSOCOM) Joint Airborne Intelligence, Surveillance, and Reconnaissance (AISR) and its mission partners in enabling combat forces to access immediate battlefield information.

This position functions as a technical expert in advanced incident analysis, digital forensics, and threat intelligence, providing deep insights into complex cyberattacks.

This position plans and leads all phases of cybersecurity incident response, from advanced threat detection to recovery, across diverse technological domains within the C2ISR Transport Infrastructure.

This position also drives the development and execution of robust cybersecurity services, addressing critical security controls including access management, personnel security, system design, media protection, network boundaries, and supply chain risk mitigation.

This position is located at MacDill Air Force Base in Tampa, Florida

Support includes, but is not limited to:

• Plans and leads all phases of cybersecurity incident response, from advanced threat detection to comprehensive recovery, across diverse technological domains within the C2ISR Transport Infrastructure.
• Drives the development and execution of robust cybersecurity services, addressing critical security controls including access management, personnel security, system design, media protection, network boundaries, and supply chain risk mitigation.
• Functions as a technical expert in advanced incident analysis, digital forensics, and threat intelligence, providing deep insights into complex cyberattacks.
• Oversees the continuous monitoring of security systems, ensuring advanced threat prevention strategies are in place and effective against evolving threats.
• Provides expert guidance to incident response teams, cybersecurity engineers, and senior management on complex cyber incident challenges, mitigation strategies, and post-incident recovery.
• Mentors and supervises journeyman and junior Incident Response Analysts, fostering skill development and ensuring consistency in incident handling quality and adherence to best practices.
• Leads collaboration with key stakeholders, including DoD cybersecurity and National Security Systems (NSS) requirements teams, to integrate incident response findings into broader security architecture.
• Establishes and enforces adherence to established incident response policies, procedures, and documentation guidelines, ensuring a rapid and effective response to all cybersecurity incidents.
• Develops and refines strategic approaches for incident prevention, detection, and response, leveraging automation and advanced security tools.
• Contributes to the overall security posture by identifying technological vulnerabilities and providing expert cybersecurity insights to mitigate operational risks.

Required Qualifications

Must have some experience with the following:

• Security Information and Event Management (SIEM) platforms (Splunk, ArcSight, Elastic, QRadar)
• Intrusion detection and prevention systems (Snort, Suricata, Zeek)
• Endpoint detection and response (EDR) tools (CrowdStrike Falcon, Carbon Black, SentinelOne)
• Malware analysis sandboxes (Cuckoo, FireEye AX); forensic analysis utilities (EnCase, FTK, Autopsy)
• Packet capture and traffic analysis tools (Wireshark, NetFlow analyzers)
• Threat intelligence platforms (MISP, ThreatConnect, Anomali)
• Vulnerability management dashboards (Nessus, Qualys, OpenVAS)
• Incident ticketing and workflow systems (ServiceNow, Jira Service Desk integrated with IR playbooks)
• Log aggregation and correlation engines; encryption and secure communications utilities (PKI, TACLANE)
• Evidence collection and chain of custody documentation templates
• Automated response orchestration tools (SOAR platforms like Palo Alto Cortex XSOAR, Splunk Phantom)
• Compliance and reporting templates for incident handling under DoD RMF, NIST SP 800 61, and ISO/IEC 27035.

Education:

Must have ONE of the following degrees:

• BS Computer Science
• BS Cybersecurity
• BS Data Science
• BS Information Systems
• BS Information Technology
• BS Software Engineering

Certification:

Must have at least ONE of the following certifications and complete additional DoD 8140 WRC 722 Element CS, Work Role: Information Systems Security Manager; Proficiency Level: Intermediate as required, to include DoD-approved IA baseline certification for ADP-III/IT-III based on the IAT level and CE/Operating System (OS) certificate within six months of the assignment:

• GMON
• SecurityX/CASP+
• CCISO
• CCSP
• CGRC/CAP
• CISSO
• CompTIA Cloud+
• GCSA
• GSEC
• CompTIA Security+
• SSCP

Clearance:

• Must have a current TS/SCI

The position is contingent upon candidate’s ability to meet physical and medical requirements as needed by the position; including compliance with all applicable federal, state, and local jurisdictional requirements.