Incident Response Officer; Intermediate

Lackland Air Force Base, San Antonio, TX, USA •

Posted Thursday, January 15, 2026 at 6:00 AM

STS Systems Defense, LLC (SSD) is a government consulting and contracting firm supporting federal agencies and military installations across the U.S. We are seeking an Incident Response Officer (Intermediate) to support our mission at Lackland AFB in San Antonio, TX.

What You'll Do:

• Upon identification of suspicious activity on AF networks, open network intrusion investigation(s) to validate the unauthorized activity and determine the type and extent of activity.
• Participate and contribute to lessons learned meetings and briefings.
• When CAT events are escalated to incident response, complete incident response process, including: preparation, identification and scoping, containment, eradication and remediation, recovery, and lessons learned.
• Upon identification of suspicious activity on AF networks, open network intrusion investigation(s) to validate the unauthorized activity and determine the type and extent of activity.
• Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter‐intelligence agencies and activities if required.
• Support planned and same‑day Incident Response deployments.
• Comply with 3rd party MOU/MOA monitoring and reporting requirements. Analyze host DCO events to determine the necessity for higher level analysis and conduct an initial assessment of type and extent of intruder activities. (CDRL A002)
• Conduct cyber investigations in order to determine the initial vector and overall timeline of intrusion, accurately identify the threat, determine the full scope of impact, and develop containment and remediation actions for approval.
• Author and review incident report forms (IRF) for security incidents within JEMS. Ensure the document is accurate and provides the correct amount of technical detail needed. (CDRL A008)
• Provide AF Office of Special Investigations (OSI) DCO technical support to law enforcement and counter‐intelligence agencies and activities if required.
• Generate end of mission reports (MISREPS) and provide pass‑on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
• Generate end of mission reports (MISREPS) and provide pass‑on information for knowledge transfer to subsequent /crews of analysts on duty regarding the latest suspicious traffic seen from a given port, Internet Protocol (IP), etc. with no more than a 5% error rate.
• Provide computer security‑related support to AF field units (examples: 688 Cyber Wing Squadrons, Base Communications Squadrons, Mission Defense Teams), as directed by CCC, in countering vulnerabilities, minimizing risk, and improving the security posture of AF computers networks and systems within the scope of AFIN SOC operational requirements and mission execution.
• Initiate emergency checklists due to imminent threat, as directed by Crew Commander. Call emergency responders (Security Forces/Fire Department etc.) if needed via 911. The Crew Commander is responsible for all official reporting.
• Inform Crew Commander for all anomalies to include, but not limited to: utility outages, flooding, sick/missing members, or any other irregularity with the potential to adversely impact the mission.
• Participate in planning, briefing, and debriefing tasks as directed by CDO Mission Lead or Crew Commander.
• Provide feedback on detection mechanisms that are both true and false positive events to ESM and Content Development as applicable.
• When assigned as CDO Mission Lead, assign tasks to CDOs as prioritized by the Crew Commander, accounting for all required mission systems and functions.
• Design incident response plans (IRP) as directed by the Crew Commander. Ensure CDOs are briefed on objectives, ROEs, plans, contingencies, and applicable TTPs.
• Accomplish assigned weapon system access, ORM, Go/No Go, reports, TTP updates, and TAR submissions.
• Coordinate with CDO, FMA, DCC, ESM, CTE&A, and intelligence as required. Provide force presentation recommendations to Crew Commander.

What…