Cybersecurity

Cyber Incident Responder

March 04, 2026

About Us

The Information Systems Agency of Armenia (ISAA) is supporting the creation of the Armenian e-society. In collaboration with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the “Digital Architecture of Armenia,” a Government-approved approach that places interoperability, security, and high-quality service delivery as its core pillars.
Our team consists of technology and policy-making specialists from various sectors. We work transparently, engaging both public and private sectors, to help Armenia realize its goal of becoming a truly electronic society.

About You

As a Cyber Incident Responder, you will investigate and respond to cybersecurity incidents, coordinate response activities with affected organizations, and contribute to improving national cyber resilience through lessons learned, playbooks, and exercises.

AM-CERT operates continuously and coordinates with national and international partners. This role may include on-call or shift-based duties depending on operational needs.

Job Responsibilities

·        Perform incident triage: validate alerts, determine severity and impact, scope affected assets, and recommend immediate containment actions.

·        Investigate incidents across endpoint, network, cloud, and application environments using logs, telemetry, and forensic artifacts.

·        Coordinate containment, eradication, and recovery activities with system owners, service providers, and other stakeholders, including on-site support when required.

·        Collect, preserve, and document evidence using forensically sound methods and maintain chain-of-custody where applicable.

·        Produce high-quality incident reports, after-action reviews, and actionable recommendations for remediation and long-term risk reduction.

·        Develop, maintain, and test incident response playbooks, SOPs, and technical runbooks for common incident types (e.g., ransomware, DDoS, data breaches).

·        Support proactive activities such as threat hunting, vulnerability and malware analysis, and publication of guidance or advisories when appropriate.

·        Participate in national cyber exercises, tabletop simulations, and training activities; contribute to mentoring and knowledge sharing within the team.

Qualifications

·        3+ years of hands-on experience in incident response, SOC operations, DFIR, or cyber roles.

·        Strong understanding of incident response methodologies and practical experience across the incident lifecycle (detection, analysis, containment, eradication, recovery, and lessons learned).

·        Solid knowledge of networking and operating systems (Windows and Linux) and the ability to analyze logs and network traffic.

·        Experience using security tooling such as SIEM, EDR, network monitoring, and forensic utilities.

·        Strong documentation and reporting skills; ability to communicate clearly during high-pressure situations.

·        High integrity, discretion, and ability to handle sensitive information responsibly.

Preferred experience

·        Experience working in a CERT/CSIRT, critical infrastructure environment, or supporting cross-organization incident coordination.

·        Practical experience with forensic triage and evidence handling, malware analysis, or reverse engineering.

·        Familiarity with threat actor TTPs and frameworks such as MITRE ATT&CK.

·        Experience producing public-facing guidance (advisories, alerts) and applying information-sharing practices such as the Traffic Light Protocol (TLP).

·        Professional working proficiency in Armenian and English.

Certifications we value

Certifications are an advantage. Examples include:

·        GIAC (GCIH, GCIA, GCFA/GCFE, GMON) or equivalent DFIR/blue team certifications

·        CompTIA CySA+ or Security+

·        CISSP (for more senior incident response profiles)

·        Vendor certifications aligned to SOC/EDR/SIEM tooling

To Apply

Please send your CV to hr@isaa.am, ensuring you mention the position name in the subject line of the email.