Nightwing is supporting a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. Nightwing is seeking a Cyber Action Officer to support this critical customer mission.

Responsibilities:

- Supporting the management of cyber incidents through the incident response lifecycle.

- Creating and maintaining routine reporting of cyber incidents in official systems of record, to include case management systems and ticketing.

- Coordinating with internal and external customers, partners, and stakeholders.

- Ingesting, validating, and evaluating information to determine optimal courses of action, to include providing response support to requesting entities.

- Updating and tracking cases and tickets with accuracy, timeliness, reliability, and consistency.

- Drafting summaries of ongoing operations and be able to provide oral presentations for various levels of leadership.

- Maintaining knowledge objects in system of record consistently and professionally.

- Threat and vulnerability management to recognize and categorize types of vulnerabilities, threat actors, and different operational threat environments, and associated attacks (MITRE ATT&CK framework).

- Knowledgeable of network security monitoring and/or security operations analysis, system administration, operating system hardening, cyber hygiene techniques, and cybersecurity defense policies, procedures, and regulations.

Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 5+ years of directly relevant experience in cyber incident management or cybersecurity operations
- Knowledge of incident response, threat hunting, and handling methodologies
- Ability to track multiple active engagements, personnel or equipment deployments, as well as coordinate with internal and external stakeholders.
- Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incident
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Skill in recognizing threat actor campaigns, tactics, techniques, and procedures
- Familiar with basic system and network administration, traffic analysis techniques, Computer Network Defense policies, procedures and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)

- Excellent oral and written communication skills

Desired Skills:
- Familiarity with different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Familiarity with of system and application security threats and attack methods (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)

Required Education:
BS Incident Management, Operations Management, Cybersecurity or related degree. HS Diploma with 7-9 incident management or cyber security experience

Desired Certifications:
GCIH

Arlington, VA

Previously part of a leading Fortune 100 company and headquartered in Dulles, VA; Nightwing became independent in 2024 but continues to support the nation's most mission impactful initiatives.