
Cybersecurity Incident Handler

Job Description - Cybersecurity Incident Handler


Location: Amarillo, TX - Pantex Plant
Job Title: Cybersecurity Incident Handler
Career Level From: Associate
Career Level To: Senior Associate
Organization: Cyber Operations (51130640)
Job Specialty: Cyber Security


What You'll Do

We are seeking a highly skilled and motivated Cybersecurity Incident Handler with a specialized focus on Incident Coordination, Analysis, Threat Containment, and Response. In this critical role, you will be the cornerstone for actively monitoring, detecting, and responding to security events that threaten our enterprise. We are looking for a dedicated analyst with a solid foundational understanding of security operations, capable of analyzing escalated security events, conducting deep-dive investigations, and executing initial containment activities. You will play an instrumental role in defending our hybrid (on-premises and cloud) environments from a rapidly changing threat landscape.


Your core responsibilities will include:



  • Advanced Incident Handling & Response: Serve as the primary driver for investigating escalated security incidents. Conduct deep-dive root-cause analysis of complex security events to determine the path, scope, and impact of potential compromises.

  • Incident-Driven Splunk Querying & Correlation: Utilize Splunk as an investigative powerhouse during active incidents. Develop target-focused Splunk queries (SPL) and search parameters to correlate logs, map threat actor activities, and trace attack paths.

  • Hybrid Environment Incident Investigation: Investigate security events and anomalous behaviors across a complex, hybrid infrastructure, including on-premises Active Directory, system endpoints, and cloud-native environments (such as Microsoft Azure/M365 and Amazon Web Services (AWS)).

  • Network Artifact & Traffic Analysis: Apply a strong understanding of network security principles and core networking protocols (e.g., Transmission Control Protocol (TCP)/Internet Protocol (IP), Domain Name System (DNS), Hypertext Transfer Protocol/Secure (HTTP/S), Simple Mail Transfer Protocol (SMTP)) to analyze network packet captures, firewall logs, and security appliance detections during incident investigations.

  • Endpoint & Email Threat Remediation: Review endpoint telemetry from Endpoint Detection and Response (EDR) solutions and analyze email security logs (such as email gateways) to contain and remediate active threats like malware, ransomware, and phishing campaigns.

  • Playbook Execution & Containment Actions: Execute established incident response playbooks to contain active threats, limit damage, and coordinate remediation efforts. Collaborate with senior systems engineers, network administrators, and infrastructure teams to ensure complete threat eradication.

Who You Are


  • An End-to-End Incident Handler: You don't just close isolated alerts; you have lived through the entire lifecycle of real-world attacks. You understand how threat actors think and operate, tracking them from the initial point of entry all the way through lateral movement to final eradication.

  • A Dedicated Incident Investigator: You excel at digging into logs, connecting disparate data points, and identifying the root cause of complex security incidents.

  • A Collaborative Security Partner: You’re a strong team contributor who enjoys collaborating with security engineering, systems administration, and desktop support teams to resolve active incidents.

  • A Proactive Problem Solver: You possess an exceptional ability to anticipate potential security challenges within systems and networks, actively identifying logging gaps and suggesting detection rule optimizations.

  • An Efficient Communicator: You can clearly document incident timelines and explain technical security events to both technical peers and non-technical stakeholders.

Preferred Skills and Expertise


  • Proven experience tracking and investigating security incidents through the entire attack lifecycle (e.g., Cyber Kill Chain, MITRE ATT&CK) from initial delivery and execution, through lateral movement, action on objectives, containment, and eradication.

  • Hands-on experience writing queries and analyzing data in Splunk (or other major enterprise SIEM platforms) to investigate incident-related data.

  • Demonstrated experience triaging, investigating, and containing escalated cybersecurity incidents.

  • Solid understanding of network security principles, including networking protocols (TCP/IP, DNS, HTTP/S, SMTP), firewall concepts, and network traffic flow.

  • Familiarity with both Windows and Linux operating systems, including system event logs, registry structures, and basic command-line navigation.

  • Familiarity with common enterprise security tools, such as Endpoint Detection and Response (EDR) and Email Security Gateways.

  • Ability to follow structured incident response playbooks and meticulously document investigation findings.

Minimum Job Requirements



  • Bachelor's degree in engineering/science/information technology discipline.

  • OR Master's degree in engineering/science/information technology discipline.

  • OR Applicants without a bachelor's degree may be considered based on a combination of at least 8 years of completed education and/or relevant experience.


Department of Energy (DOE) Order 426.2A Requirements


  • Not Applicable

Preferred Job Requirements


  • Proven, direct experience using Splunk (or other Security Information and Event Management (SIEM)) as a primary tool for querying, search optimization, and log analysis in a security operations capacity.

  • Relevant advanced industry certifications such as SysAdmin, Audit, Network, and Security (SANS) Global Information Assurance Certification (GIAC) credentials (e.g., GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA)) or Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Certified Admin).

  • Proven experience investigating threats in hybrid environments, with a strong operational understanding of cloud-native security controls (specifically Microsoft Azure/M365).

  • Hands-on experience with Cisco network security tools (e.g., Cisco Firewalls, Cisco Secure Email/IronPort) or other major network defense systems.

  • Hands-on experience protecting Operational Technology (OT) and Industrial Control Systems (ICS) environments, with familiarity using specialized OT security monitoring and visibility platforms such as Nozomi Networks.

  • Prior experience using the MITRE ATT&CK framework to map threat actor behaviors and guide investigations.




#JointheMission: Your Impact Starts Here



At Pantex, you won't just find a job—you’ll discover a career of purpose safeguarding national security through work performed nowhere else on Earth. We empower dedicated, innovative individuals like you to achieve their greatest impact surrounded by exceptional talent and limitless opportunities for professional growth.

 

When you #JointheMission, you choose a lifetime career where your commitment is genuinely valued and rewarded. At Pantex, we believe that extraordinary talent thrives when supported by a balanced life. Discover the flexibility that empowers you to excel, coupled with a benefits package designed for your total peace of mind, from comprehensive health coverage and robust retirement planning to opportunities for continuous learning through education reimbursement.




Notes



The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.

 

If a range of Career Levels is posted, e.g., Senior Associate to Senior Specialist, internal applicants already in one of the posted Career Levels would come across at their current Career Level. Internal applicants currently in a lower Career Level would move to the lowest posted Career Level.

 

Requires a Q clearance; however, all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.

 

Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 Code of Federal Regulations (CFR) 709. Medical requirements may apply.

 

Pantex is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to random selection for drug testing without advance notification.

 

Pantex is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, religion, national origin, ancestry, genetic information, disability or veteran status.


Original job Cybersecurity Incident Handler posted on GrabJobs.