CISA hires incident response lead

The Cybersecurity and Infrastructure Security Agency posted a USAJobs vacancy on May 11 for a Cybersecurity Incident Response Team Lead, a role that would oversee responses to serious intrusions affecting federal networks and critical infrastructure. The Arlington, Virginia-based job sits inside CISA’s Cybersecurity Division and is being filled under a direct-hire authority, according to the federal job posting. The position is classified as an IT Cybersecurity Specialist at the GS-13/14 level, with pay starting at $121,785 a year. The listing says the selectee may be required to serve a one-year probationary period. ### What does the job say the person will actually do? The USAJobs posting says the role includes “serving as an incident response lead” and “proactive/persistent hunt lead” while also taking on project and technical leadership for CISA’s Hunt Branch. The duties include leading teams that respond to “critical network intrusions” affecting the federal government, state, local, tribal and territorial entities, and the nation’s critical infrastructure and key resources, the listing says. (usajobs.gov) The announcement also says the hire would support complex information technology and operational technology security projects, brief senior government officials and congressional staff on incidents of national importance, and oversee analysis tied to network integrity, incident response and proactive threat hunting. The posting adds that the role includes leadership over contracts and procurements and work on technical roadmaps covering network, endpoint, industrial control system, operational technology and cloud-based analysis. (usajobs.gov) ### Where does this role sit inside CISA? CISA places the job in its Cybersecurity Division, the agency unit it describes as the federal government’s flagship civilian cyber defense organization. On its website, CISA says that division is responsible for defending and securing cyberspace, strengthening resilience of national critical functions and working with public- and private-sector partners on cyber defense. (usajobs.gov) CISA’s Cybersecurity Division says one of its subdivisions is Threat Hunting, which provides technical capabilities and expertise to understand and remediate adversary activity through detections, partnerships, forensics, incident response and threat-hunting missions. That description aligns closely with the vacancy’s emphasis on incident leadership and persistent hunt work. (usajobs.gov) ### Why does the posting mention both IT and OT systems? The job announcement explicitly says the lead would work on both information technology and operational technology security projects. That distinction matters because CISA’s mission covers critical infrastructure, where industrial environments often rely on operational technology and industrial control systems rather than standard enterprise IT alone. (cisa.gov) CISA’s public materials say it provides cybersecurity information, assessments and incident response assistance to non-federal entities to support risk management of critical functions. The agency also maintains a separate work-role description for cyber defense incident responders that includes collecting intrusion artifacts, coordinating incident response functions, conducting forensically sound collection and publishing after-action reviews. (usajobs.gov) ### How senior is this opening? The vacancy is listed at the GS-13/14 level, which places it above many entry and mid-level federal cyber roles and signals a senior operational position. The posting says the hire will provide briefings to senior government officials, congressional members and staff, and senior management at private-sector organizations on incidents of national importance. (cisa.gov) The same listing says the person would represent CISA at conferences, meetings and interagency working groups and discuss advanced technical issues tied to technologies considered useful to the program. Those duties suggest the role combines hands-on incident work with management and external coordination responsibilities. ### Where can candidates find it, and what happens next? USAJobs lists the opening as “Cybersecurity Incident Response Team Lead” under the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in Arlington, Virginia. (usajobs.gov) The posting says applications opened on May 11, 2026, and close on May 25, 2026, and that the position is open to U.S. citizens. (cybersecurity.usajobs.gov)