Search all jobs
Browse jobsWashington, DC › Cybersecurity Consultant

Cybersecurity Consultant

Crfamilyofcompanies · Washington, District of Columbia, United States · Posted Jul 6, 2026

Apply on company site   Track it in JobSkout

Lead or support cybersecurity incident response engagements involving ransomware, advanced persistent threats (APT), insider threats, phishing campaigns, malware infections, unauthorized access, cloud compromises, and other cyber incidents.

Responsibilities include:

Perform incident triage and determine scope and severity.

Identify attack vectors and affected assets.

Collect and preserve forensic evidence.

Perform root cause analysis.

Coordinate containment activities.

Support eradication of adversary presence.

Restore systems to secure operational status.

Develop incident timelines.

Produce executive and technical incident reports.

Recommend security improvements to prevent recurrence.

Cyber Hunt Operations

Conduct proactive threat hunting activities designed to identify adversaries before significant impact occurs.

Responsibilities include:

Develop hunt hypotheses based on current intelligence.

Analyze endpoint, network, cloud, identity, and application logs.

Identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).

Detect persistence mechanisms.

Identify lateral movement.

Investigate privilege escalation.

Hunt for known threat actor Tactics, Techniques, and Procedures (TTPs).

Leverage MITRE ATT CK methodologies.

Produce actionable hunt findings.

Incident Handling Event Management (IHEM)

Support enterprise Incident Handling and Event Management capabilities consistent with NIST guidance and industry best practices.

Responsibilities include:

Monitor security events and alerts.

Validate and declare security incidents.

Perform event analysis and prioritization.

Coordinate incident response activities.

Conduct technical investigations.

Execute containment procedures.

Support remediation efforts.

Validate recovery activities.

Document lessons learned.

Improve incident response processes.

Digital Forensics Analysis

Support forensic investigations involving:

Windows

Linux

Cloud environments

Active Directory

Microsoft 365

Azure

AWS

Containers

Virtual infrastructure

Experience with:

Memory analysis

Disk analysis

Log analysis

Timeline reconstruction

Registry analysis

Malware triage

Security Technologies

Consultants should have practical experience with one or more of the following:

Splunk

Microsoft Sentinel

CrowdStrike Falcon

Microsoft Defender

Elastic

QRadar

Palo Alto Cortex

Trellix

Carbon Black

Rapid7

Tanium

Tenable

Qualys

AWS Security Services

Azure Security Center

Microsoft Defender XDR

EDR/XDR platforms

Job Requirements

Minimum 7 years of cybersecurity experience.

Minimum 5 years supporting Incident Response or Security Operations Center (SOC) environments.

Experience responding to live cybersecurity incidents.

Experience performing enterprise threat hunting.

Strong understanding of:

NIST Cybersecurity Framework

NIST SP 800-61 Computer Security Incident Handling Guide

NIST SP 800-53

MITRE ATT CK Framework

Cyber Kill Chain

Zero Trust Architecture

Experience analyzing:

Windows Event Logs

Sysmon

Active Directory

DNS

Firewall logs

Authentication logs

EDR telemetry

Cloud audit logs

Excellent written and verbal communication skills.

Ability to explain technical findings to executive leadership.

Desired Qualifications

One or more of the following certifications:

CISSP

GIAC Certified Incident Handler (GCIH)

GIAC Certified Forensic Analyst (GCFA)

GIAC Certified Enterprise Defender (GCED)

Certified Ethical Hacker (CEH)

CompTIA CySA+

CompTIA Security+

Splunk Certified Architect

Splunk Enterprise Security Certified Admin

Microsoft Certified Security Operations Analyst (SC-200)

Microsoft Cybersecurity Architect (SC-100)

AWS Security Specialty

Certified Cloud Security Professional (CCSP)

Preferred Experience

Experience supporting:

Federal Civilian Agencies

Department of Defense

Intelligence Community

Critical Infrastructure

Healthcare

Financial Services

Energy Sector

Experience with:

Continuous Diagnostics and Mitigation (CDM)

Continuous Monitoring

Threat Intelligence

Insider Threat

Vulnerability Management

Malware Analysis

Digital Forensics

Cloud Incident Response

Identity-based attacks

Zero Trust implementations

Availability Requirements

Candidates must be able to:

Respond to urgent requests within agreed Service Level Agreements (SLAs).

Participate in after-hours, weekend, and holiday incident response activities.

Support remote engagements nationwide.

Participate in surge support during major cybersecurity incidents.

Key Competencies

Incident Response Leadership

Cyber Threat Hunting

Digital Forensics

Malware Investigation

Log Analysis

Enterprise Security Monitoring

SIEM Operations

Executive Communication

Technical Documentation

Problem Solving

Crisis Management

Team Collaboration

Deliverables

Consultants may be expected to produce:

Incident Response Reports

Executive Briefings

Threat Hunt Reports

Root Cause Analysis Reports

Lessons Learned Documenta…

Apply on company site