Cyber Operations Team Lead

Edgewater Federal Solutions, Inc. · Portland, OR

About The Position

The Cyber Operations Team Lead provides oversight and direction to the Security Operations Center (SOC), Digital Forensics, Service Desk, Splunk Consulting, and Tools Management functions supporting the BPA task order. This key leadership role ensures integrated, high-performing cyber operations that protect the enterprise against evolving threats while maintaining compliance with federal regulations and agency-specific policies. The Team Lead coordinates technical teams, fosters collaboration across disciplines, and assures the quality, consistency, and effectiveness of all cyber operations. A Secret or L clearance (preferred) is needed to be considered.

Requirements

  • Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related technical field. Master’s degree preferred.
  • Experience: At least 7–10 years of increasingly responsible experience in cyber operations, including at least 3 years leading SOC or multidisciplinary security teams in a federal or critical infrastructure environment.
  • Certifications: CISSP, CISM, or GIAC (e.g., GCIA, GCFA) required; Splunk certifications (e.g., Splunk Certified Administrator), or other relevant security operations credentials, preferred.
  • Knowledge/Skills: In-depth knowledge of SOC procedures, digital forensics methodologies, and the incident response lifecycle.
  • Hands-on experience with Splunk administration, SIEM platforms, and enterprise security toolsets.
  • Demonstrated ability to manage and mentor cross-functional technical teams.
  • Strong analytical, critical thinking, and crisis management capabilities.
  • Familiarity with federal security compliance standards (FISMA, NIST SP 800-53).
  • Excellent verbal and written communication skills.
  • Security Requirements: Must be able to obtain and maintain a Secret security clearance.

Nice To Haves

  • Master’s degree preferred.
  • Splunk certifications (e.g., Splunk Certified Administrator), or other relevant security operations credentials, preferred.
  • A Secret or L clearance (preferred) is needed to be considered.

Responsibilities

  • SOC Management: Oversees all SOC operations, ensuring prompt detection, triage, escalation, and remediation of security incidents. Maintains and enforces incident response protocols, monitoring standards, and escalation criteria. Coordinates threat intelligence collection, analysis, and dissemination.
  • Digital Forensics: Directs forensic analysis of security incidents and coordinates digital evidence preservation in accordance with applicable laws and BPA policy. Provides technical leadership during high-priority investigations and post-incident activities. Ensures forensic readiness and tool optimization.
  • Service Desk Oversight: Supervises service desk personnel supporting IT security incidents and routine service requests. Establishes processes for ticket tracking, timely resolution, escalation, and root cause analysis. Ensures high customer satisfaction and responsiveness.
  • Splunk Consulting: Leads implementation, configuration, and tuning of Splunk solutions for security monitoring and log analytics. Oversees dashboard/report development, data ingestion pipelines, and advanced correlation to support monitoring and compliance. Provides guidance and knowledge sharing on best practices.
  • Tools Management: Manages the deployment, integration, and maintenance of security tools, including EDR, SIEM, and vulnerability management solutions. Maintains inventory and lifecycle management for all cyber tools. Evaluates new technologies to enhance operational capabilities.
  • Team Leadership: Leads, mentors, and develops a multidisciplinary cyber operations team. Assigns tasks, monitors performance, conducts training, and fosters a collaborative, proactive team culture. Ensures staff are current on emerging threats and best practices.
  • Compliance and Reporting: Ensures adherence to FISMA, NIST, and BPA-specific cybersecurity requirements. Maintains operational documentation, prepares incident and activity reports, and supports audit readiness. Coordinates with the Reporting and Communications Team Lead and Program Manager.
© 2024 Teal Labs, Inc