CSSP Team Lead

About The Position

Requirements

• Minimum active DoD Secret clearance with the ability to obtain TS/SCI.
• Bachelor's degree and 8+ years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree.
• Current DoD 8570 IAT Level II certification (or higher), such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC (or equivalent).
• Ability to obtain DoD 8570 CSSP-A Level Certification (e.g., CEH, CySA+, GCIA, or equivalent) within 180 days of hire.
• Strong foundation in networking, including packet analysis, common ports and protocols, and traffic flow.
• Knowledge of the OSI model, defense-in-depth security principles, and common security elements for effective threat detection, analysis, and mitigation as a SOC Security Analyst.
• Proven ability to work effectively both independently and as a collaborative team member, demonstrating initiative and a strong work ethic in both settings.
• Committed to continuous learning and self-improvement in the cybersecurity domain, as evidenced by ongoing pursuit of certifications, active participation in industry forums, and dedication to staying ahead of emerging threats and technologies.
• Excellent problem-solving skills, including the ability to collaborate effectively with cross-functional teams to address complex security challenges in real-world scenarios. This includes the ability to communicate technical information clearly and concisely, build consensus, and drive solutions to completion.
• Reliable and flexible, with a demonstrated willingness to work assigned shifts to support operational requirements and team objectives.
• Located within a commutable distance (within 2 hours) or able to relocate to Hill AFB, UT; Scott AFB, IL; or Columbus, OH.

Nice To Haves

• Prior experience working with the Defense Information Systems Agency (DISA) and/or Department of Defense (DoD) networks.
• Advanced knowledge of TCP/IP, common networking ports and protocols, traffic flow analysis, system administration principles, the OSI model, defense-in-depth strategies, and standard security components.
• In-depth expertise in the architecture, engineering, and operational aspects of at least one enterprise-grade SIEM platform (e.g., ArcSight, QRadar, LogLogic, Splunk, Elastic).
• Demonstrated experience with malware analysis concepts and methodologies.
• Advanced certifications such as SANS GIAC (e.g., GCIA, GCIH, GLSC) or CompTIA CASP+.
• Experience implementing intelligence-driven defense strategies and/or utilizing the Cyber Kill Chain framework.
• A minimum of two (2) years of experience managing cross-functional cybersecurity teams.

Responsibilities

• Cybersecurity Monitoring & Analysis: Investigate alerts generated from endpoints, IDS/IPS, NetFlow data, and custom sensors to detect compromises on customer networks.
• Analyze extensive log files, pivot between diverse datasets, and correlate evidence to support incident investigations, creating detailed technical reports outlining your findings.
• Triage security alerts to rapidly identify malicious actors targeting customer networks.
• Monitor and analyze DoD and open-source intelligence feeds to identify Indicators of Compromise (IOCs) and integrate them into security sensors and SIEMs.
• Report security incidents to customers and USCYBERCOM, ensuring timely communication and coordinated response.
• Team Leadership & Development: Leads and supports assigned personnel by: Conducting regular employee engagement activities.
• Collaborating with Operations Managers to support employee training, performance management/development, and performance reviews.
• Maintaining consistent and effective communication with Operations Leads, the chain of command, and Human Resources, as needed, to address employee performance and development matters.
• Ensures the consistent implementation and adherence to leadership directives and organizational policies in collaboration with Operations Managers