Cybersecurity Operations Lead

About The Position

Requirements

• Related Bachelor’s degree and 8+ years of prior relevant experience; higher-level Cyber certifications may be substituted in lieu of degree.
• Meet DoD 8140 Advanced Proficiency Level
• Must have DoD Secret security clearance to start on the program
• Must be a U.S. Citizen
• Experience providing guidance and direction to a team of 15+ with project and time management skills
• In-depth understanding of advanced cybersecurity concepts and processes with experience applying them with little to no guidance
• Ability and willingness to support occasional shift work as needed
• Experience using the following key technologies: Splunk and Elastic as Security Information & Event Management (SIEM) tools, Networking Monitoring & Security (NMS), Firepower Intrusion Detection System (IDS), Microsoft Defender for Endpoint & Sentinel , Microsoft Power Suite (Apps, BI, Automate), Wireshark, MITRE ATT&CK Framework, Zero Trust Architecture
• Familiarity with the following: Networking Monitoring & Security (NMS), Cisco Firepower Intrusion Detection System (IDS)
• Motivated self-starter with strong written and verbal communication skills and the ability to translate complex technical reports on analytic findings for a non-technical audience
• Demonstrated hands-on experience managing high volumes of logs, network data, and other artifacts in support of incident investigations and a high standard for attention to detail

Nice To Haves

• Bachelor’s or Master’s degree in Cybersecurity
• DoD Top Secret security clearance

Responsibilities

• Ensure Mission Coverage: Manage your team’s schedule to ensure uninterrupted operational support, 24/7/365, modifying shifts as needed to meet staffing requirements.
• Oversee Incident Response: Guide the team in real-time monitoring of security tools (SIEM, IDS, etc.), ensuring immediate and accurate identification, analysis, triage, and reporting of cybersecurity events.
• Technical Guidance: Serve as the primary technical leader for the team. Mentor analysts in advanced analysis of network traffic, packet captures, and logs to identify threats and anomalous activity.
• Threat Intelligence Integration: Ensure the team understands and applies knowledge of adversary tactics, techniques, and procedures (TTPs), leveraging frameworks like MITRE ATT&CK and the Cyber Kill Chain to characterize and prioritize incidents.
• Quality Assurance: Review incident reports, situation awareness reports, and all other products created by the team to ensure they are accurate, well-documented, and actionable for leadership and mission partners.
• Knowledge Management: Enforce disciplined use of knowledge management tools for all incident handling and shift transitions. You are responsible for the quality and completeness of the data your team enters.
• Process Documentation: Lead the team in creating, reviewing, and updating operational documentation, including Standard Operating Procedures (SOPs), Tactics, Techniques, and Procedures (TTPs), and Quick Reference Guides (QRGs), on a quarterly basis.
• Professional Growth: Identify skill gaps on the team and facilitate continuous learning by encouraging participation in training, development of automation workflows, and professional development to keep the team current with new threats and tools.
• Stakeholder Interface: Act as the primary point of contact between your team and government leadership, other DISA divisions, and external customer agencies.
• Situational Awareness: Provide clear and timely information to leadership on the state of Network Assurance, articulating emerging trends and the impact of cyber events.
• Collaboration: Foster a collaborative environment within your team and across shifts. Ensure seamless coordination with inspection teams, Cyber Protection Teams (CPTs), and customer incident responders.