Company Overview
Development InfoStructure LLC., (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.
Job Overview
The SOC / Incident Response Lead serves as the operational leader for 24x7x365 security monitoring and incident response under the Information Security Program Support Services (ISPSS) effort supporting the NIH Office of the Director, Office of Information Technology (OD OIT), responsible for leading Tier 1 detection and triage and Tier 2/3 forensics, threat hunting, and cyber threat intelligence across the NIH/OD-OIT managed environment. This role drives execution across incident detection, triage, investigation of suspected intrusions within 30 minutes, containment and recovery, digital forensics (NIST SP 800-86), malware analysis, and incident reporting in close coordination with NIH/OD OIT leadership and enterprise cybersecurity organizations.
This is a full-time position with work performed primarily offsite, though travel to NIH/OD facilities in the Bethesda, MD area will be required on an as-needed basis. Core hours are Monday-Friday, 7:00 AM - 6:00 PM EST, and after-hours support for emergency incidents will be required as needed by NIH/OD. Position is contingent upon award and client approval.
Primary Duties
Lead 24x7 Security Operations
- Direct real-time, 24x7x365 security log collection, monitoring, alerting, and event analysis across the OIT-managed environment
- Perform incident triage on all incidents to determine scope, urgency, and operational impact
- Investigate suspected intrusions and suspicious activity within 30 minutes of detection
- Ensure accurate, consistent incident categorization and ticketing
- Lead detection, triage, analysis, containment, eradication, recovery, and post-incident reporting
- Oversee Tier 2/3 digital forensics, evidence preservation, and chain of custody compliant with NIST SP 800-86
- Conduct malware analysis, reverse engineering, and analysis of suspicious websites, emails, and payloads
- Deliver Security Incident Tickets/Reports within 1 hour of detection and Incident Response After Action Reports
- Lead Advanced Persistent Threat (APT) hunting across the managed environment
- Operate an active Cyber Threat Intelligence (CTI) program to collect, correlate, and disseminate relevant intelligence and IOCs
- Support collaboration with OCIO threat intelligence / Fusion Center activities
- Provide engineering support to the SOC and Incident Response Team and ensure proper configuration of SOC-managed tools and agents
- Lead annual incident response tabletop exercises and implement lessons learned
- Produce the Monthly Forensic Activity Summary and related metrics
Required Qualifications
Education & Experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience)
- Minimum 7 years in security operations / incident response, including SOC team leadership
- Demonstrated experience with digital forensics, malware analysis, and threat hunting in enterprise environments
- One or more incident response/forensics certifications: GCIH, GCIA, or GCFA (or comparable)
- CISSP strongly preferred
- Hands-on expertise with SIEM, EDR, and IDS/IPS platforms and security log analysis
- Forensic tooling and evidence handling consistent with NIST SP 800-86 and Federal Rules of Evidence
- Familiarity with US-CERT incident notification guidelines and federal reporting timelines
- Calm, decisive leadership during active incidents and crisis coordination
- Strong written reporting and clear escalation communication
Preferred Qualifications
- Experience supporting NIH/HHS or other federal SOC operations
- Cloud monitoring/IR experience (e.g., Azure, AWS)
- Experience standing up or maturing CTI programs
Clearance
- Must be able to obtain and maintain the NIH/OD/OIT required clearance level and complete all suitability/onboarding requirements
Salary Range
- $110,000 - $130,000
Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individual's race, color, religion, age, gender, sexual orientation, veteran status, national origin or disability.