Senior Manager, IT Incident Response in Herndon, VA at Constellis

Date Posted: 11/9/2020

Job Snapshot

  • Employee Type:
  • Location:
    Herndon, VA
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:

Job Description


Are you ready for your next adventure? From down range to corporate positions around the world, we provide you with opportunities to grow your career while helping to make the world more secure.

Constellis provides opportunities across every major continent for individuals who want to build successful careers in a fast-paced, growing industry. Legal, moral and ethical business practices remain at the cornerstone of our culture and Constellis continues to be recognized for our emphasis on quality and compliance. This strong track-record of performance is supported by our deep relationships with our government and commercial customers. Our employees worldwide, the majority of whom are military or law enforcement veterans, have ambition and passion for creating a safer world. Join us to Secure Success!


The Senior Manager, IT Incident Response will serve as the lead for the Cyber Security Incident Response Team (CSIRT) and will oversee a team of event analysts and incident responders (both Red and Blue Teams). Candidates should be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues. The manager will also serve as an escalation point for high-visibility network security incidents and should be able to perform functions such as log analysis, network traffic and endpoint forensics, be able to draw together data from disparate sources, and have experience coordinating large scale incident response. This will require hands-on work and high technical proficiency in information security, systems and network administration. The manager is expected to work independently within broad guidelines supplied by executive management.

  • Act as Incident Commander for all cyber events and advanced attacks in accordance with the incident response process

  • Must be prepared to go in the weeds to assist with triage and analysis of potential incidents; identification of techniques and indicators; containment and eradication of threat; and follow up with appropriate communications

  • Create, document and maintain effective incident response workflow, processes, and procedures

  • Train, mentor, and guide staff in procedures and techniques

  • Coordinate with other security teams (e.g. I&AM, Risk Management, Vulnerability Management)

  • Work with business and implementation teams to ensure network security monitoring requirements are considered at an early stage in the product deployment process

  • Continuously assess network security monitoring requirements, detection methods, and tools and close identified gaps. Direct and prioritize team assignments accordingly

  • Provide strategic and technical leadership for CSIRT sponsored tools including collating requirements, product selection, implementation, and production maintenance

  • Ensure security monitoring and response plans are aligned with corporate and business goals

  • Collaborate with corporate and cross-functional teams to work on enterprise-wide projects (e.g. CMMC implementation)

  • Prepare presentations and reports for senior-level management as required. Write technical articles for knowledge sharing

  • Provide leadership and guidance to advance CSIRT capabilities and its ability to defend the network

  • Lead weekly staff meetings and review/analyze weekly status reports for actionable items

  • Conduct performance reviews help team members execute career development plans and interview and hire staff as necessary

  • Other duties as assigned


  • Bachelor's Degree required. Three additional years of related experience beyond the minimum required may be substituted in lieu of a degree

  • Minimum 5-8 years of experience in CyberSecurity Incident Response, with 2 years in a leadership role

  • Certifications: CISSP, GCIH, CISM or willingness to obtain within 9 months of start date

  • Experience with cyber kill chain and IT security frameworks such as NIST, critical security controls and MITRE ATT&CK matrix

  • Hands-on experience with networking (OSI model, TCP/IP, etc.) and network services (DNS, HTTPS, SMTP, etc.)

  • Hands-on systems administration experience (Unix/Linux and Windows) with knowledge of security practices

  • Hands-on experience with security and monitoring tools such as Splunk Enterprise Security, Crowdstrike, Malwarebytes, IDS/IPS (Snort) and network sniffers

  • Hands-on experience analyzing malware and diving deep into Windows and Linux

  • Familiarity with cloud and virtualization technologies such as VMware

  • A track record of automating repetitive processes to drive efficiency in operations

  • Experience working with Incident Response processes, network forensics and intrusion patterns, malware analysis, and cyber security trends

  • Ability to balance multiple competing priorities in a fast-paced environment

  • Demonstrated supervisory, leadership and mentoring experience

  • Strong verbal/written communication and presentation skills

  • Ability to work in a highly collaborative environment with multiple business partners


  • Security+

  • Certified Ethical Hacker (CEH)

  • GIAC Certified Incident Handler (GCIH)


Constellis protects critical priorities safely and efficiently around the world. Operating in 40 countries and based in the Washington D.C. area, our 22,000 Constellis employees bring unparalleled dedication and passion for creating a safer world and upholding the highest standards of compliance, quality and integrity. As a leading global provider of risk management, security, humanitarian, training and operational support services to government and commercial customers worldwide, Constellis' forward-thinking solutions include a range of synergistic services, including background investigations, social intelligence tools, advanced training, logistics and life support, UAV and K9 services, and crisis response mitigation. At Constellis, our number one priority is to secure success for our customers. For more information, visit


Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects its commitment to creating a diverse and supportive workplace.

  • Medical, Vision & Dental Insurance

  • Paid Time-Off Program & Company Paid Holidays

  • 401(k) Retirement Plan

  • Insurance: Basic Life & Supplemental Life

  • Health & Dependent Care Flexible Spending Accounts

  • Short-Term & Long-Term Disability

  • Personal Development & Learning Opportunities

  • On-the-job Training, Skills Development & Certifications

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach


Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are Monday-Friday from 8:00 am to 5:00 pm, however some extended or weekend hours may be required.


May be required to lift and carry awkward items weighing up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday.