CSSP Analysis Team Lead
About The Position
FEDITC seeks a CSSP Analysis Team Lead to work in the Indianapolis IN area, to direct 24/7 cybersecurity analysis, threat monitoring, and incident response operations for the DFAS Cybersecurity Service Provider (CSSP) program. This position provides subject matter expertise in security event correlation, threat intelligence, and incident handling across all DFAS CCE enclaves including unclassified and classified networks. An active Top Secret/SCI security clearance and a United States Citizenship is required to be considered for this position. On-site presence required at designated location
Requirements
- Minimum 10 years of cybersecurity analysis experience in DoD or Federal environments with increasing responsibility
- Expert-level knowledge of security event analysis, threat correlation, and incident response methodologies
- Demonstrated expertise with enterprise SIEM platforms (Splunk, ArcSight, Microsoft Sentinel)
- Experience with cyber incident handling per NIST 800-61 and DoD incident reporting requirements
- Strong knowledge of threat intelligence, malware analysis, and forensic investigation techniques
- Experience with vulnerability management programs (ACAS, Nessus) and penetration testing
- In-depth understanding of NIST 800-53, DISA STIGs, and DoD cybersecurity frameworks
- Knowledge of DoD CSSP requirements, evaluations, and JFHQ-DODIN reporting
- Proven ability to lead security analysis teams in high-pressure 24/7 operational environments
- Ability to support COOP exercises and emergency operations
- Cyber Defensive Analyst (Advanced) Playlist and CySA+ (or equivalent per 511 A)
- Computing Environment (CE) certification required for privileged access roles
- Must obtain and maintain all mandatory DoD 8140 certifications
- BA/BS Degree
- Active Top Secret/ SCI clearance is required.
- Must be a United States Citizen and pass a background check.
- Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested by FEDITC and/or required by FEDITC’S Client(s)/Customer(s)/Prime contractor(s).
Nice To Haves
- GIAC certifications (GCIA, GCIH, GCFA, GNFA)
- SANS DFIR certifications or equivalent
- Experience with classified network (JWICS) security operations
- Splunk Certified Security Analyst or equivalent
- Experience leading threat hunting programs
- DFAS or DoD financial system security operations experience
Responsibilities
- Lead and supervise CSSP Analysis staff delivering 24/7 security event monitoring, analysis, and incident response
- Direct real-time security event correlation, threat detection, and analysis using SIEM platforms (Splunk, ArcSight, Microsoft Sentinel)
- Manage cyber security incident response including detection, containment, eradication, and recovery operations
- Oversee threat intelligence integration, indicator of compromise (IOC) analysis, and threat hunting activities
- Coordinate internal and external incident reporting per JFHQ-DODIN, Cyber Command, and DFAS requirements
- Lead audit support, security assessments, and compliance validation activities
- Direct vulnerability analysis, penetration testing coordination, and remediation tracking
- Develop and maintain incident response plans, playbooks, and analysis procedures
- Support CSSP program operations including accreditation documentation and scoring metric compliance
- Coordinate with DFAS ISSM, security teams, and external stakeholders on security incidents and finding
- Ensure 100% compliance with DoD CSSP Evaluators Scoring Metrics and reporting requirements
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
51-100 employees
