Cybersecurity Consultant
Crfamilyofcompanies · Washington, District of Columbia, United States · Posted Jul 6, 2026
Apply on company site Track it in JobSkout
Lead or support cybersecurity incident response engagements involving ransomware, advanced persistent threats (APT), insider threats, phishing campaigns, malware infections, unauthorized access, cloud compromises, and other cyber incidents.
Responsibilities include:
Perform incident triage and determine scope and severity.
Identify attack vectors and affected assets.
Collect and preserve forensic evidence.
Perform root cause analysis.
Coordinate containment activities.
Support eradication of adversary presence.
Restore systems to secure operational status.
Develop incident timelines.
Produce executive and technical incident reports.
Recommend security improvements to prevent recurrence.
Cyber Hunt Operations
Conduct proactive threat hunting activities designed to identify adversaries before significant impact occurs.
Responsibilities include:
Develop hunt hypotheses based on current intelligence.
Analyze endpoint, network, cloud, identity, and application logs.
Identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
Detect persistence mechanisms.
Identify lateral movement.
Investigate privilege escalation.
Hunt for known threat actor Tactics, Techniques, and Procedures (TTPs).
Leverage MITRE ATT CK methodologies.
Produce actionable hunt findings.
Incident Handling Event Management (IHEM)
Support enterprise Incident Handling and Event Management capabilities consistent with NIST guidance and industry best practices.
Responsibilities include:
Monitor security events and alerts.
Validate and declare security incidents.
Perform event analysis and prioritization.
Coordinate incident response activities.
Conduct technical investigations.
Execute containment procedures.
Support remediation efforts.
Validate recovery activities.
Document lessons learned.
Improve incident response processes.
Digital Forensics Analysis
Support forensic investigations involving:
Windows
Linux
Cloud environments
Active Directory
Microsoft 365
Azure
AWS
Containers
Virtual infrastructure
Experience with:
Memory analysis
Disk analysis
Log analysis
Timeline reconstruction
Registry analysis
Malware triage
Security Technologies
Consultants should have practical experience with one or more of the following:
Splunk
Microsoft Sentinel
CrowdStrike Falcon
Microsoft Defender
Elastic
QRadar
Palo Alto Cortex
Trellix
Carbon Black
Rapid7
Tanium
Tenable
Qualys
AWS Security Services
Azure Security Center
Microsoft Defender XDR
EDR/XDR platforms
Job Requirements
Minimum 7 years of cybersecurity experience.
Minimum 5 years supporting Incident Response or Security Operations Center (SOC) environments.
Experience responding to live cybersecurity incidents.
Experience performing enterprise threat hunting.
Strong understanding of:
NIST Cybersecurity Framework
NIST SP 800-61 Computer Security Incident Handling Guide
NIST SP 800-53
MITRE ATT CK Framework
Cyber Kill Chain
Zero Trust Architecture
Experience analyzing:
Windows Event Logs
Sysmon
Active Directory
DNS
Firewall logs
Authentication logs
EDR telemetry
Cloud audit logs
Excellent written and verbal communication skills.
Ability to explain technical findings to executive leadership.
Desired Qualifications
One or more of the following certifications:
CISSP
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Enterprise Defender (GCED)
Certified Ethical Hacker (CEH)
CompTIA CySA+
CompTIA Security+
Splunk Certified Architect
Splunk Enterprise Security Certified Admin
Microsoft Certified Security Operations Analyst (SC-200)
Microsoft Cybersecurity Architect (SC-100)
AWS Security Specialty
Certified Cloud Security Professional (CCSP)
Preferred Experience
Experience supporting:
Federal Civilian Agencies
Department of Defense
Intelligence Community
Critical Infrastructure
Healthcare
Financial Services
Energy Sector
Experience with:
Continuous Diagnostics and Mitigation (CDM)
Continuous Monitoring
Threat Intelligence
Insider Threat
Vulnerability Management
Malware Analysis
Digital Forensics
Cloud Incident Response
Identity-based attacks
Zero Trust implementations
Availability Requirements
Candidates must be able to:
Respond to urgent requests within agreed Service Level Agreements (SLAs).
Participate in after-hours, weekend, and holiday incident response activities.
Support remote engagements nationwide.
Participate in surge support during major cybersecurity incidents.
Key Competencies
Incident Response Leadership
Cyber Threat Hunting
Digital Forensics
Malware Investigation
Log Analysis
Enterprise Security Monitoring
SIEM Operations
Executive Communication
Technical Documentation
Problem Solving
Crisis Management
Team Collaboration
Deliverables
Consultants may be expected to produce:
Incident Response Reports
Executive Briefings
Threat Hunt Reports
Root Cause Analysis Reports
Lessons Learned Documenta…