Title:Supervisory Cyber Analyst - Incident Response
Job Summary:KBR is seeking a
Supervisory Cyber Analyst with incident response experience to lead and manage cybersecurity operations supporting the Defense Health Agency (DHA). This role provides day-to-day supervision of KBR cyber personnel and oversees the coordination and execution of cybersecurity incident response activities at the DoD Component level to protect information systems from unauthorized activity, vulnerabilities, and threats.
The Supervisory Cyber Analyst works closely with the on-site government customer to execute mission priorities, incorporate directed feedback, and identify emerging requirements that may result in task order growth. This is an
on-site position based in Charleston, SC. Situational work from KBR offices or a home office may be approved by the government customer based on mission needs.
Roles and Responsibilities:- Provide direct supervision and leadership to KBR-assigned Incident Response Coordinators supporting Cyber Operations Center teams across multiple geographic regions, including Charleston, SC; Stuttgart, Germany; and Pearl City, HI, as well as remote locations within the United States.
- Ensure assigned personnel execute all tasks in accordance with government direction, performance standards, and contractual requirements, delivering outcomes on schedule and within scope.
- Serve as the primary interface with the assigned government lead, ensuring effective communication, issue resolution, and mission alignment.
- Elicit both explicit and implicit customer requirements to develop recommendations for new work, process improvements, or enhancements to existing cybersecurity operations.
- Actively participate in cyber incident response operations by monitoring, tracking, and coordinating responses to cybersecurity incidents and electronic data spillage events across DHA mission-relevant environments.
- Coordinate response activities among the Cybersecurity Service Provider (CSSP), DHA departments, sites, facilities, and external organizations as required.
- Provide timely status updates and executive-level reporting to DHA leadership throughout the full incident lifecycle, from detection through closure.
- Track incident metrics and historical data and provide reporting upon request to support trend analysis and leadership decision-making.
- Proven ability to decompose ambiguous or complex government requirements into actionable tasks and execution plans.
- Strong problem-solving and critical-thinking skills in dynamic operational environments.
- Demonstrated experience communicating technical cybersecurity concepts effectively through written reports and oral briefings.
- Ability to interpret and implement technical policies and procedures related to information systems and information systems security.
- Demonstrated ability to manage multiple concurrent projects and priorities.
- Self-directed professional capable of operating effectively with minimal supervision.
Basic Qualifications:- Bachelor's degree and ten (10) years of relevant technical experience; in lieu of a degree, an additional eight (8) years of technical experience may be substituted.
- Active Secret security clearance or higher.
- Minimum DoD 8570/8140 IAT Level II certification.
- Demonstrated supervisory experience leading teams of five (5) or more personnel, including direct and matrixed staff.
- Experience briefing senior leadership and engaging both technical and non-technical audiences.
- Experience supporting large enterprise environments such as the Defense Health Agency, Naval Information Warfare Centers, or similar government organizations.
- Experience with the design, installation, and sustainment of information system hardware and software.
- Knowledge of incident response and handling methodologies, including cyber attack classes, threat actor profiles, and attack lifecycle stages.
- Understanding of network security architecture, including topology, protocols, components, and principles.
- Knowledge of cloud service models and their impact on incident response activities.
- Knowledge of DoD/DoW cybersecurity policies, procedures, and regulations.
- Proficiency with standard office productivity and collaboration tools.
Preferred Qualifications:- DoD 8570/8140 IAT or IAM Level III certification.
Location: Charleston, SC (On-site)
Schedule: Full-time, 40 hours/week | Core hours 8:00 a.m. - 4:30 p.m. ET
Travel: Up to 5% travel may be required, sometimes with limited notice
