Cybersecurity Blue Team Lead
About The Position
This role involves leading Blue Team operations to support defensive cybersecurity initiatives for a federal customer. The position requires developing and implementing assessment methodologies using frameworks like MITRE ATT&CK and NIST Cybersecurity Framework, conducting pre-engagement assessments to identify vulnerabilities, and creating detailed mitigation plans. The lead will also produce assessment reports, facilitate post-engagement sessions, perform follow-on assessments, and lead cyber exercise planning and execution. Collaboration with threat hunting, detection engineering, incident response, and intelligence teams is crucial. The role includes providing executive and technical briefings, developing metrics for defensive posture improvement, maintaining Blue Team documentation, and participating in stakeholder meetings. Identifying and recommending improvements across people, process, and technology, and staying updated on emerging threats are also key responsibilities.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, or a related field
- Minimum of 5 years of experience in cybersecurity or IT project delivery, including development of policies, procedures, technical standards, and workflows
- At least 3 years of experience delivering cybersecurity services, including planning, managing, and executing cybersecurity assessments and producing formal reporting deliverables
- Certification required: CISA or CISSP
- Ability to obtain and maintain a Public Trust clearance
Responsibilities
- Lead Blue Team operations supporting defensive cybersecurity initiatives for the federal customer
- Develop and implement methodologies for assessing environments using industry frameworks such as MITRE ATT&CK, NIST Cybersecurity Framework, and best practices
- Conduct pre-engagement assessments to identify vulnerabilities, misconfigurations, and security control weaknesses
- Develop detailed mitigation plans outlining technical gaps, risks, remediation actions, required resources, and expected outcomes
- Produce assessment reports and documentation to support improvement prior to adversary emulation activities
- Facilitate post-engagement sessions to review findings and provide detailed recommendations based on adversary simulation results
- Perform follow-on assessments to evaluate residual risk and effectiveness of implemented controls
- Lead and support cyber exercise planning and execution, including governance, coordination, and facilitation
- Design and conduct tabletop exercises, simulated cyber events, and operational readiness activities
- Partner with threat hunting, detection engineering, incident response, and intelligence teams to support defensive operations
- Provide executive and technical briefings summarizing findings, risks, and recommended improvements
- Develop metrics, dashboards, and reporting to track improvements in defensive posture
- Maintain SOPs, operational procedures, and governance documentation for Blue Team activities
- Participate in recurring technical and programmatic meetings with stakeholders
- Support transition activities, knowledge transfer, and operational readiness efforts
- Identify gaps across people, process, and technology and recommend continuous improvements
- Stay informed on emerging threats, adversary techniques, and defensive technologies
Benefits
- 3 weeks of Personal Leave your first year
- 11 paid Holidays each year
- 5 days of Flexible Time Off each year
- 401(k) company match at 50% up to 10% of your salary
- Medical, Dental and Vision Insurance
- Life and Disability Insurance
- Public Transportation Subsidies
- Certifications and Training Allowance - Up to $5,000/year!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
