Incident Manager Level III (Computer Network Defense) Requires US Security clearance

Location: Onsite (CONUS) / Shift Work (as assigned)
Clearance: Active TS/SCI (DHS EOD Suitability required)
Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)

Argo Cyber Systems delivers mission-critical cybersecurity and incident response services to U.S. Government agencies and critical infrastructure sectors. Our teams provide rapid onsite and remote technical support to organizations affected by cyberattacks, conducting advanced investigations, developing mitigation strategies, and restoring operational integrity.

At Argo Cyber, we don't just respond to incidents - we strengthen the nation's resilience against them. Our analysts work side by side with DHS and civilian agency partners to safeguard essential systems and data from persistent and emerging threats.

Argo Cyber Systems is seeking an experienced Cyber Incident Manager to lead and coordinate incident response operations for a high-profile U.S. Government customer. The Incident Manager will oversee the triage, analysis, and resolution of cybersecurity events across federal civilian networks and critical assets. This role requires a mix of technical depth, investigative skill, and the ability to synthesize complex data into actionable recommendations for both technical and executive audiences.

• Lead and manage incident response and cyber defense operations, ensuring timely containment, eradication, and recovery.

• Correlate and analyze incident data to identify trends, adversary tactics, and systemic vulnerabilities.

• Conduct Computer Network Defense (CND) triage, assessing scope, urgency, and operational impact of security events.

• Develop and recommend Defense-in-Depth strategies, layered defense architectures, and resilience improvements.

• Research and document resolutions and mitigations to support enterprise recovery and strengthen future defenses.

• Apply cybersecurity and threat intelligence concepts to detect, analyze, and respond to intrusions in both small and large-scale network environments.

• Monitor and assess external threat data sources to maintain situational awareness and anticipate potential impacts to the enterprise.

• Lead the investigation of incident root causes, infection vectors, and attacker methodologies.

• Receive, analyze, and validate security alerts from enterprise monitoring tools, escalating as appropriate.

• Track and document all incident response activities from detection through closure, ensuring comprehensive reporting and lessons learned.

• Support continuous improvement by refining processes, updating playbooks, and mentoring junior analysts.

• U.S. Citizenship (required)

• Active TS/SCI clearance (required)

• Ability to obtain DHS Entry on Duty (EOD) Suitability

• 5+ years of hands-on experience in cyber incident management or SOC/DFIR operations

• Deep understanding of incident response methodologies, containment strategies, and recovery workflows

• Working knowledge of NIST SP 800-61 Rev.2 (Computer Security Incident Handling Guide) and FISMA incident reporting standards

• Strong ability to analyze, prioritize, and document incidents, including phishing, lateral movement, and privilege escalation cases

• Comprehensive understanding of cyberattack lifecycle stages and adversary tactics, techniques, and procedures (TTPs)

• Proficiency in identifying vulnerabilities, threat vectors, and exploitation patterns

• Knowledge of operating system hardening, network defense, and system administration fundamentals

• Familiarity with nation-state, criminal, and opportunistic threat actor profiles and their operational tradecraft

• Excellent communication, coordination, and leadership skills in high-pressure, mission-driven environments

• Proficiency with enterprise SIEM, EDR, and incident management platforms (e.g., Splunk, SentinelOne, CrowdStrike, ServiceNow)

• Experience leading shift-based operations or 24x7 response teams

• Deep knowledge of malware, intrusion detection, and threat hunting techniques

• Familiarity with log analysis, packet capture, and intrusion detection systems (IDS/IPS)

• Strong understanding of MITRE ATT&CK framework and cyber kill chain methodology

• Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related discipline
  or

• High School Diploma with 7-9 years of directly relevant experience in cyber incident response or network defense

• GIAC Certified Incident Handler (GCIH)

• GIAC Certified Forensic Analyst (GCFA)

• GIAC Certified Intrusion Analyst (GCIA/GCED)

• Certified Information Systems Security Professional (CISSP)

• Certified Cyber Forensics Professional (CCFP) or equivalent

At Argo Cyber Systems, you will operate at the front lines of national cybersecurity defense - protecting civilian agencies and critical infrastructure from sophisticated cyber threats. You'll join a mission-driven, veteran-founded team dedicated to excellence, integrity, and impact in every engagement.

© Argo Cyber Systems, LLC - All Rights Reserved

Argo Cyber Systems, LLC is committed to maintaining a safe, secure, and trusted workplace for all employees and our federal clients. Employment with Argo Cyber Systems is contingent upon successful completion of all required background investigations and pre-employment screenings, which may include, but are not limited to:

• Criminal background checks (federal, state, and local)

• Employment and education verification

• Reference checks

• Drug screening (in compliance with federal and state law)

• Security clearance verification (as applicable for classified positions)

Candidates selected for employment in positions requiring access to sensitive or classified information may also be subject to additional U.S. Government background investigations and security adjudication processes, including DHS Entry on Duty (EOD) suitability or equivalent federal clearance requirements.

Argo Cyber Systems reserves the right to disqualify or rescind an offer of employment based on the results of any background or screening process that, in the company's judgment, may impact an individual's ability to perform essential job functions or meet contractual obligations.

All background investigations and screenings are conducted in accordance with applicable federal, state, and local laws, including the Fair Credit Reporting Act (FCRA). Candidates will be notified of their rights and provided an opportunity to review and dispute any adverse findings before final employment determinations are made.