Incident Response Specialist

Incident Response SpecialistLocation: Hampton, VA / Wallops Island, VATravel: As needed to support NASA sitesClearance: Active Secret clearance required; ability and willingness to obtain Top SecretCitizenship: US Citizenship requiredAbout GrimmGrimm is an innovative, forward-looking cybersecurity organization focused on solving complex technical challenges across hardware, firmware, and software systems. Our teams specialize in reverse engineering, vulnerability research, and security engineering, supporting mission-critical efforts across national security, defense, and critical infrastructure sectors.Our work is rooted in real-world operational experience identifying advanced threats, uncovering critical vulnerabilities, and developing meaningful solutions to complex problems. Grimm engineers operate across embedded systems, vehicles, IoT, and enterprise technologies, with a focus on understanding systems deeply and demonstrating real-world impact.We are a highly technical and hands-on organization. Our engineers and researchers specialize in breaking systems, discovering vulnerabilities, and improving resilience—working directly with real hardware and software to understand how systems function and how they fail.About the RoleGrimm is seeking Incident Response Specialists to support the NASA CyPRESS program and help defend NASA enterprise networks against global cyber threats.In this role, you will provide full-spectrum support to NASA's Security Operations Center incident response mission, including incident identification, containment, eradication, recovery, investigation, analysis, reporting, and follow-up. You will support efforts to protect, detect, and respond to unauthorized activity affecting NASA information, information systems, and networks.We're looking for individuals with strong incident response experience, sound technical judgment, and the ability to operate effectively in a mission-focused environment supporting NASA cybersecurity operations.What You'll DoSupport NASA Security Operations Center incident response activities across identification, containment, eradication, recovery, investigation, analysis, reporting, and follow-upAssist in coordinating responses to agency-wide or significant cybersecurity incidentsAnalyze cyber threat reporting, including SOC reports and DHS/CISA directives, and recommend appropriate actionsDevelop initial, final, and after-action incident reports, including root cause analysis and lessons learnedDocument incident response activities, technical details, reports, and incident status in NASA's authoritative incident management systemPrepare reports, assessments, briefings, and recommendations related to cybersecurity incidentsRecommend rules, policies, and logging requirements for incident detection and response toolsSupport weekly, monthly, quarterly, and annual incident response metrics and trend reportingAssist with requirements and configurations for incident management systems and other IR toolsSupport mitigation and correction of identified security deficienciesSupport local NASA sites and, as needed, other NASA locationsRequired QualificationsActive Secret clearanceAbility and willingness to obtain Top Secret clearanceUS CitizenshipDemonstrated understanding of cyberattacks and potential impacts against enterprise IT systemsExperience supporting incident response, mitigation, and recovery effortsExperience with incident documentation, reporting, analysis, and coordinationAbility to prepare and present technical reports, assessments, briefings, and recommendationsFamiliarity with cybersecurity incident response processes, procedures, and best practicesOne or more DoD 8570.01-M approved baseline certifications, such as Network+, CySA+, CISSP, GSEC, or similarAbility to work a standard Monday–Friday schedule with core business hoursPreferred / Nice to HaveExperience supporting federal cybersecurity or Security Operations Center environmentsExperience supporting NASA or other federal civilian agency environmentsFamiliarity with DHS/CISA Federal Incident Notification GuidelinesFamiliarity with NIST incident response guidance and federal cybersecurity reporting requirementsExperience with PalantirExperience applying AI or automation to cybersecurity operations, incident response, analysis, or reportingExperience developing incident response metrics, trend analysis, and executive-level reportingAbility to support multiple NASA sites or travel as mission needs requireBenefitsGrimm offers a comprehensive benefits package that includes medical, dental, and vision coverage, life and disability insurance, retirement benefits, paid leave, and opportunities for tuition assistance and ongoing professional development.Why GrimmYou'll be working alongside highly specialized engineers and researchers tackling challenging problems in embedded security and reverse engineering. Our work directly supports national security missions and requires a high level of technical ownership, creativity, and precision.If you enjoy working hands-on with hardware, digging into complex systems, and pushing your technical skills further, you'll find this environment both challenging and rewarding.Equal Opportunity EmployerGrimm is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable federal, state, or local laws.