ARGO Cyber Systems

Cyber Incident Manager III

ARGO Cyber Systems  •  $90k - $115k/yr  •  Arlington, VA (Hybrid)  •  1 month ago

Job Description

Cyber Incident Manager

Location: Onsite (CONUS) / Shift Work
Clearance: Active TS/SCI (DHS EOD Suitability required)
Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)

About Argo Cyber Systems

Argo Cyber Systems provides mission-critical cybersecurity support to U.S. Government agencies and critical infrastructure owners nationwide. Our teams deliver rapid incident response, advanced forensics, and coordinated recovery operations to protect vital systems from evolving cyber threats. We combine technical precision with operational agility, helping federal partners identify, contain, and recover from complex cyber incidents with speed and confidence.

Argo Cyber Systems is seeking a Cyber Incident Manager to lead onsite incident response operations for a U.S. Government customer. The selected candidate will coordinate and execute incident handling, forensic triage, and threat mitigation activities for large-scale, high-impact cyber events. This role is part of a 24×7 incident response capability that provides immediate investigation, containment, and recovery support to federal civilian agencies and critical infrastructure entities.

Key Responsibilities

  • Direct and coordinate incident response activities across diverse environments, ensuring rapid containment, accurate impact assessment, and effective recovery.

  • Correlate and analyze incident data to identify patterns, trends, and emerging threats.

  • Perform triage and scoping of cyber incidents to determine severity, urgency, and operational impact.

  • Apply Defense-in-Depth principles and best practices to strengthen enterprise resilience.

  • Investigate indicators of compromise (IOCs), malware behavior, and intrusion vectors using host and network data.

  • Research and document resolution steps, mitigations, and workarounds for ongoing or recurring incidents.

  • Develop and maintain incident response procedures and playbooks aligned with NIST SP 800-61 Rev.2 and FISMA reporting requirements.

  • Monitor external intelligence sources and threat feeds to maintain situational awareness of current threat conditions.

  • Track, document, and brief incident lifecycle progress from detection through closure, ensuring accurate reporting and escalation to senior stakeholders.

  • Collaborate with cross-functional teams (including threat analysts, forensics personnel, SOC operators, and federal incident coordinators) to provide a unified, mission-focused response.

Required Qualifications

  • U.S. Citizenship

  • Active TS/SCI clearance (must be able to obtain DHS EOD Suitability)

  • 5+ years of directly relevant experience in cyber incident management, SOC operations, or DFIR roles

  • Strong understanding of incident response methodologies, frameworks, and reporting requirements under NIST SP 800-61 and FISMA

  • Demonstrated ability to analyze, prioritize, and document incidents within enterprise or federal environments

  • Solid grasp of attack lifecycle stages and common adversary tactics (reconnaissance, exploitation, privilege escalation, persistence, exfiltration, etc.)

  • Knowledge of system administration, OS hardening, and defensive security controls across Windows, Linux, and hybrid environments

  • Familiarity with CND policies, procedures, and regulatory frameworks

  • Understanding of threat actor typologies (e.g., opportunistic, organized criminal, nation-state) and their operational tradecraft

  • Excellent written and verbal communication skills for technical and executive reporting

Desired Qualifications

  • Proficiency with SIEM, EDR, and network forensic tools (e.g., Splunk, SentinelOne, Elastic, Wireshark)

  • Experience conducting or managing shift-based or 24×7 cyber operations

  • Advanced knowledge of malware analysis, log correlation, and network defense methodologies

  • Familiarity with incident ticketing and tracking systems (e.g., ServiceNow, Jira, Remedy)

  • Strong analytical mindset and ability to lead during high-pressure operational events

Education

  • Bachelor's Degree in Cybersecurity, Information Systems, Computer Science, or related discipline
    or

  • High School Diploma with 7-9 years of relevant incident management or cybersecurity experience

Preferred Certifications

  • GCIH, GCFA, GISP, GCED, CCFP, CISSP, or equivalent

Additional Information

  • Shift work position; schedule determined upon start.

  • ECP-1 rates apply.

  • Must be available for onsite support during active incidents or surge operations.

Why Join Argo

As part of Argo Cyber Systems, you will serve at the forefront of national cyber defense, protecting civilian agencies and high-value assets from persistent and emerging threats. You'll join a veteran-founded, mission-driven team dedicated to operational excellence, collaboration, and innovation in the cyber domain.

About ARGO Cyber Systems

Argo Cyber Systems is a Service Disabled Veteran Owned Small Business (SDVOSB). Located in Historic Downtown Pensacola, Argo Cyber Systems is a pure-play cyber security firm. We are cyber security and intelligence experts offering dedicated threat and security monitoring of critical infrastructure assets, businesses, and other environments.

Cyber Services

Managed Detection and Response (MDR) and Cyber Threat Monitoring

Argo Cyber Systems provides managed cyber monitoring services through a dedicated SIEM and Cyber Threat Monitoring platform with an advanced threat correlation engine at affordable prices.

Continuous Asset Discovery

By utilizing technology which can automatically discover new devices on your network, we always know what’s connected in your digital environment.

Continuous Real-time Threat Monitoring, Correlation & Alerting

Whether you are in AWS, Azure, Google Cloud Platform, or on premises, we are able to gain visibility of devices, systems, applications, and user activities in your environment. We support Office 365, G Suite, network devices, operating systems, and over 400 devices and applications that are important to your business's day-to-day activities.

Global Threat Analysis and Supply Chain Cyber Risk Management

Due Diligence X© (DDX) was created with this in mind – to provide a dynamic platform for testing devices for assurance that the equipment will be free from a variety of security threats.

Assessment Support Services and Penetration Testing

ARGO Cyber Systems Principals have gained decades of experience conducting various types of assessments including Cyber Risk Assessments, Threat Assessments, Risk Management and Threat intelligence from our work with the DOD and Federal.

Breach Clean up, Mitigation and Remediation

Argo Cyber is capable of mitigation and remediation of your assets and environment in the event you are breached.

Industry: IT & Software
Company Size: 11-50 employees
Headquarters: Pensacola, FL
Year Founded: 2018