ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking Incident Response Engineers who have experience performing security incident response planning, preparation, execution, and reporting. Candidates for this position will develop, maintain, and execute an Incident Response (IR) Playbook adhering to NIST 800-61 and -137 guidelines. Incident reporting will align with SecOps and SDM reporting mechanisms. Post-incident activity will focus on distilling lessons learned into actionable improvements across Security Operations Center (SOC) technologies and processes, in coordination with agency CSIRT.

IR Engineers will work as members of the 24x7x365 SOC to conduct incident investigation and support the organization’s IR process. Candidates are also responsible for providing support to the Agency’s IAS team at every step of the Incident Response process. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

We are seeking candidates to fill 1stand 2ndshifts in support of 24x7x365 operations.

Roles and Responsibilities

  • Work under IR Engineer Lead in incident response process preparation and testing activities
  • Perform analysis of suspected unauthorized or anomalous activities and attacks
  • Perform forensics analysis of attacks or data breaches identify extent of activity, targeted assets, methods used, etc.
  • Perform incident containment and eradication activities as needed, and support post-incident activities, including reporting and lessons learned
  • Ensure required communications are sent to management, the Agency and US CERT regarding incidents
  • Monitor SOC tools required for detection and analysis of suspicious or unauthorized activities to ensure they are functioning and have latest software updates
  • Work closely with IR manager and SOC team as appropriate on incident response process preparation and execution activities

Required Skills

  • Experience working in security incident detection, analysis, containment and response activities in an enterprise environment
  • Familiarity with common attack vectors and methods for detecting activity associated with each vector
  • Proven skills and experience with digital forensics and security detection tools and their output, such as IDS/IPS, SIEMs, antivirus/antispam software, and file integrity checking software
  • Experience working with Windows, Linux, and MacOS, their service and application logs, network device logs, and basic internet protocols, including TCP/IP
  • Experience with creating automated log correlations in Splunk, ELK or an equivalent tool used to identify anomalous and potentially malicious behavior
  • Excellent written and verbal communication skills

Years of Experience Requirement

  • 8 years desired but not required depending on demonstrated capability to perform required skills

Education Requirement 

  • BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline or 8+ years of relevant experience is preferred

Certification Requirement

  • Desired certifications include: Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Examiner (GCFE), or GIAC Certified Forensic Analyst (GCFA) Certification


  • Crystal City with transition to Herndon/Reston area

Security Clearance

  • U.S Citizenship with the ability to obtain a Secret clearance

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.

Submit your resumé here!