Ascension LLC is seeking a highly analytical and operationally focused Risk & Incident Response Analyst to support a comprehensive IT Policy Assessment and Incident Response modernization effort.

This role is critical to ensuring that cybersecurity policies are not merely theoretical, but operationally executable and aligned to real-world incident handling requirements. The selected candidate will be responsible for strengthening the client’s vulnerability management lifecycle and formalizing Incident Response Plan (IRP) procedures across detection, analysis, containment, eradication, recovery, and post-incident activities.

The ideal candidate will bring demonstrated experience in vulnerability classification, risk prioritization frameworks, incident response lifecycle development, and security operations coordination within regulated or public-sector environments.

This is an ideal opportunity for a cybersecurity professional who:

• Has deep knowledge of NIST-based incident response practices
• Understands how to translate policy into operational workflows
• Is comfortable identifying control gaps and recommending practical mitigation strategies
• Thrives in structured but evolving environments

Summary of the Contractor Role

The Risk & Incident Response Analyst will lead the development and operationalization of vulnerability management standards and formal incident response procedures.

The candidate will evaluate current-state cybersecurity controls, identify control gaps, assess preparedness levels, and design structured processes to improve detection, response, reporting, and recovery capabilities.

This role requires someone who is:

• Detail-oriented and methodical
• Skilled at translating regulatory standards into actionable processes
• Capable of working independently with minimal supervision
• Able to manage multiple priorities and deliver high-quality documentation
• Comfortable facilitating tabletop exercises and stakeholder sessions

The analyst will use structured risk methodologies aligned to frameworks such as:

• NIST SP 800-61 (Computer Security Incident Handling Guide)
• NIST SP 800-53
• CIS Controls
• Industry-standard vulnerability management lifecycle practices

This role ensures the organization has defensible, auditable, and operationally viable incident response and vulnerability management processes.

Day-to-Day / Core Responsibilities

The Risk & Incident Response Analyst will:

• Develop and document vulnerability classification and prioritization methodology
• Establish risk scoring models and remediation timelines based on severity and impact
• Define standardized reporting mechanisms for vulnerability tracking and incident notification
• Design mitigation and remediation workflow procedures
• Develop formal Incident Response Plan (IRP) documentation covering:
  • Detection
  • Analysis
  • Containment
  • Eradication
  • Recovery
  • Post-incident lessons learned
• Identify and document existing cybersecurity control gaps
• Conduct preparedness assessments against industry frameworks
• Develop mitigation recommendations aligned with risk tolerance
• Facilitate or support tabletop exercises to validate response readiness
• Draft executive-level summaries and technical documentation
• Coordinate with IT, security, and leadership stakeholders to ensure policy adoption
• Develop operational playbooks and workflow diagrams
• Support continuous improvement updates to IRP documentation