Action Officer

Cyber Action Officer

Nightwing, a provider of full‑spectrŬ cyber, data operations, systems integration, and intelligence support services, is seeking a Cyber Action Officer to support a U.S. Government customer in onsite incident response. The role involves investigating cyber‑attacks, characterizing breach severity, developing mitigation plans, and assisting with service restoration.

• Supporting the management of cyber incidents throughout the incident response lifecycle.
• Creating and maintaining routine reporting of cyber incidents in official systems of record, including case management systems and ticketing.
• Coordinating with internal and external customers, partners, and stakeholders.
• Ingesting, validating, and evaluating information to determine optimal courses of action, including providing response support to requesting entities.
• Updating and tracking cases and tickets with accuracy, timeliness, reliability, and consistency.
• Drafting summaries of ongoing operations and providing oral presentations for various levels of leadership.
• Maintaining knowledge objects in systems of record consistently and professionally.
• Threat and vulnerability management to recognize and categorize types of vulnerabilities, threat actors, and different operational threat environments, including associated attacks (MITRE ATT&CK framework).
• Knowledgeable of network security monitoring, security operations analysis, system administration, OS hardening, cyber hygiene techniques, and cybersecurity defense policies, procedures, and regulations.

• U.S. citizenship.
• Active TS/SCI clearance.
• Ability to obtain DHS suitability.
• 5+ years of directly relevant experience in cyber incident management or cybersecurity operations.
• Knowledge of incident response, threat hunting, and handling methodologies.
• Ability to track multiple active engagements, personnel or equipment deployments, and coordinate with internal and external stakeholders.
• Knowledge of the NCCIC National Cyber Incident Scoring System to prioritize triaging of incidents.
• Knowledge of general attack stages (foot printing, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Skill in recognizing threat actor campaigns, tactics, techniques, and procedures.
• Familiarity with basic system and network administration, traffic analysis techniques, Computer Network Defense policies, procedures, and regulations.
• Knowledge of different operational threat environments (script kiddies, non nation‑state, nation‑state).
• Knowledge of system and application security threats and vulnerabilities (buffer overflow, mobile code, cross‑site scripting, PL/SQL injection, race conditions, covert channel, replay, return‑oriented attacks, malicious code).
• Excellent oral and written communication skills.

• Familiarity with different operational threat environments.
• Familiarity with system and application security threats and attack methods.

BS in Incident Management, Operations Management, Cybersecurity or related degree. HS diploma with 7ս‑9 years of incident management or cybersecurity experience.

GCIH

• Mid‑Senior level

• Full‑time

• Information Technology

• IT Services and IT Consulting

Arlington, VA

Nightwing is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.