Job Description

Planet Technologies, the Nation’s leading Microsoft services provider to the public sector, is looking for a highly motivated individual to join our growing team as  Senior Cyber Incident Responder  In this role, you will be supporting impactful projects that make a difference for our country.
The Incident Responder facilitates and coordinates with leadership to provide expert technical support to the enterprise-wide cyber defense technicians to resolve cyber defense incidents. They correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation to any attacks within networks. They will respond to cyber incidents as necessary and act as a liaison between internal and external stakeholders within the organization.

Responsibilities

• Collects intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Performs analysis of log files from a variety of sources to identify possible threats to network security.
• Performs cyber defense incident triage, to include determining scope, urgency and potential impact, identifies the specific vulnerability, and making recommendations that enables expeditious remediation.
• Performs cyber defense trend analysis and reporting.
• Assists in Incident Response processes and in the enhancement of behavioral analytics including the development of Concept of Operations and Standards Operating Procedures.
• Develops and maintains models for cyber threat mitigation and improves on threat modeling.
• Use behavior analytics (UBA) and ensures all infrastructure components meet proper performance standards.
• Coordinates and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Coordinates incident response functions.
• Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
• Performs cyber defense trend analysis and reporting.
• Performs initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
• Receives and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Writes and publishes after-action reviews, cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Assists junior Incident Response Technicians in their tasks

Qualifications

• A minimum of 8+ years of experience is required for this position.
• 
  Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related technical field, or equivalent practical experience.
• 
  Previous experience in Incident Response, Cyber Defense, SOC operations, or Digital Forensics.
• 
  Hands-on experience responding to enterprise-scale security incidents across networks, endpoints, and cloud environments.
• 
  Proven ability to collect, preserve, and analyze intrusion artifacts, including malware, trojans, scripts, and suspicious binaries.
• 
  Strong experience with incident triage, including determining scope, urgency, impact, root cause, and remediation strategy.
• 
  Advanced experience analyzing logs and alerts from multiple sources (SIEM, EDR, IDS/IPS, firewalls, servers).Skilled in identifying indicators of compromise (IOCs) and attacker behaviors.
• 
  Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Elastic); endpoint detection and response (EDR) tools
• 
  Familiarity with network traffic analysis tools (and knowledge of malware analysis tools and sandbox environments.
• 
  Familiarity with scripting or automation (e.g., Python, PowerShell, Bash) for investigation and analysis.
• 
  Strong ability to write clear, concise technical reports, guidance, and incident summaries including publishing after-action reviews, playbooks, SOPs, and CONOPS.
• 
  Ability to communicate complex technical findings to both technical and non-technical audiences.
• In lieu of some experience, industry certifications can be substituted (e.g., ISC2 CISSP, EC-Council Certified Incident Handler (C|IH), EC-Council Certified Network Defender (C|ND), SANS GCIH, SANS GCIP, SANS CFCA, Carnegie Mellon University CSIH)
• #CJ

Planet Technologies is the leading provider of Microsoft Consulting Services to public sector and commercial organizations. Planet has significant experience in deploying business intelligence, cloud services, unified communications, and systems management with an emphasis building, deploying, and managing custom solutions that transform the business operations of federal government agencies.
Planet Technologies does not discriminate in employment opportunities, terms and conditions of employment, or practices. All qualified applicants will receive consideration for employment without regard to race, age, gender, religious or political beliefs, national origin or heritage, disability, sexual orientation, protected veteran status, or any characteristic protected by law. Federal Agency Clearance Requirements may require up to a 10-year background investigation - US Citizenship (clearable) is required.
Salaries for Cyber Incident Responders at Planet Technologies range from $90,000 and $140,000. Several factors will impact final pay offered to a successful candidate including but not limited to the type and years of experience within the job, clearance level, the type of years and experience within the industry, education, training, etc.
Visit  www.go-planet.com to learn more about us. Details about our benefits can be found here  Planet Technologies Benefit Guide 2025-2026