General Dynamics Information Technology Incident Response Team Lead in Durham, North Carolina

Clearance Level Must Currently Possess:

Public Trust

Clearance Level Must Be Able to Obtain:

No Active Clearance Required


No Suitability Required

Job Family:

Information Technology

Job Description:

GDIT is supporting EPA's Office of Environmental Information under the Infrastructure Support and Applications Hosting task order. The purpose of this contract is to develop and operate EPA's infrastructure and application platforms to be reliable, secure, and technologically advanced. The services obtained under this contract support the entirety of EPA at all geographic locations and numerous research facilities across the United States. The services consist of data center management, application hosting, application deployment/maintenance, geospatial service support, network security, cyber security, cloud computing, COOP support, and Enterprise Identity and Access Management (EIAM) and Active Directory (AD). The primary work location is in Research Triangle Park, NC.

We are currently seeking an Incident Response Team Lead to join our team supporting the Environmental Protection Agency’s (EPA) Computer Security Incident Response Capability (CSIRC).

The role will involve support of the Agency’s CSIRC, managing security incidents through the incident response life cycle, including network, forensic, and malware analysis. Normal tasks will include (but are not limited to): oversight of the Incident Response team; management of security incidents; interface with EPA and status and reporting; status and reporting to CSRA management.

The candidate for this position will perform the following (but not limited to) duties and tasks:

  • Research and integration of current vulnerabilities, threats, and security technologies into incident response operations

  • Management of complex security incidents through the incident response life cycle

  • Documentation of security incidents in Remedy and maintenance of incident artifacts

  • Detection and analysis of security incidents through the monitoring of security tools, such as Fortinet, ArcSight, BlueCoat SSA, Cisco AMP/FirePower/Threat Grid, and custom tools

  • Analysis of incident related data, such as packet captures, netflow, DNS history, and logs

  • Forensic analysis through use of both open source and enterprise computer forensic tools

  • Identification of malicious code and its static and dynamic analysis

  • Design and implementation of threat containment and eradication strategies

  • Development of incident response processes and procedures

  • Analysis of organization security posture and development of formal recommendations for control implementation or modification

  • Generation of after action reports, lessons learned documents, and threat papers for senior management

  • Training and mentoring to other incident response team members

  • Participation in an after-hours on-call rotation

The Candidate must have the following (but not limited to) qualifications and abilities:


  • At least five years of experience in a computer security incident response role

  • At least five years of enterprise Linux and Windows administration

  • At least two years of leadership experience

  • Excellent communications and interpersonal skills

  • Passion for information security and incident response

  • Practical experience with TCP/IP networking

  • Experience setting up a Security Operations Center

  • Experience with Active Directory and other enterprise credential stores

  • Experience with virtualization technologies such as VMWare or VirtualBox

  • Experience with computer forensics and malware analysis

  • Critical thinking and problem solving skills

  • Ability to quickly learn new technologies and respond to changing requirements and environment

  • Ability to work independently and in a cross functional team

  • Ability to identify both tactical and strategic solutions to complex issues


BS or equivalent + 7 yrs related experience, or MS + 5 yrs related experience


CISSP or GIAC certification is desirable.




# of Openings:


Scheduled Weekly Hours:


Telecommuting Options:

Some Telecommuting Allowed

Work Location:

USA NC Durham - 79 TW Alexander Dr (NCS005)

Additional Work Locations:

CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.


CSRA is tomorrow’s thinking, today. To “Think Next. Now.” is to imagine a better future and to deliver it, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results.

We understand that our customers' missions require new methods and imaginative thinking. We bring together government IT professionals, emerging technologies, and the brightest, cutting-edge advisors in the industry to deliver a broad range of innovative, next-generation IT solutions and professional services to help our customers modernize their legacy systems, protect their networks and assets, and improve the effectiveness and efficiency of mission-critical functions for our warfighters and our citizens.

Everywhere you look, CSRA is there. We’re in our nation’s infrastructure, in training and education, in cyber security, in serving veterans who served us—and, so much more. Take some time to learn more about CSRA. You might be surprised to learn how we touch your life.

We are a company of 18,000+ smart, talented individuals, yet we enjoy a start-up culture that inspires us to make a difference while delivering results in this rapidly evolving world. Join our team and use your skills and expertise to support the safety, security, health and well-being of the nation.