Cybersecurity Operations Technical Lead (SOC Engineer/SME)

Koniag Government Services, LLCWashington, DC
$170,000 - $197,024Onsite

About The Position

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking an experienced Cybersecurity Operations Technical Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with deep technical expertise in Security Operations Center (SOC) operations, threat detection, and incident response. This individual will serve as a subject matter expert (SME), providing technical leadership and guidance to a team of cybersecurity analysts while working closely with SBA stakeholders to protect critical government systems and data. The Cybersecurity Operations Technical Lead will serve as the senior technical expert within the SOC, providing leadership, mentorship, and hands-on technical support for all cybersecurity operations activities supporting the SBA.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • 8+ years of progressive experience in cybersecurity operations, with at least 3 years in a technical lead, senior analyst, or SME role within a SOC environment.
  • Demonstrated experience supporting federal government cybersecurity programs and operations.
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Security Operations Certified (GSOC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • Certified SOC Analyst (CSA)
  • Exceptional communication skills in English – both written and oral – with the ability to convey complex technical information clearly to both technical and non-technical audiences, including senior government leadership.
  • Deep technical expertise in SOC operations, including security event monitoring, incident detection, triage, and response.
  • Extensive hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar) including use case development, rule tuning, and dashboard creation.
  • Strong knowledge of network security concepts, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and network traffic analysis tools such as Wireshark or Zeek.
  • Proficiency in endpoint detection and response (EDR) tools and methodologies for investigating host-based threats and anomalies.
  • Experience with threat intelligence platforms and the ability to operationalize threat intelligence to improve detection and response capabilities.
  • Strong understanding of the MITRE ATT&CK framework and its application to threat detection, threat hunting, and incident response.
  • Demonstrated experience developing and maintaining incident response playbooks, SOPs, and runbooks.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and CISA guidance.
  • Experience conducting log analysis across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, and application logs.
  • Ability to lead and mentor a team of cybersecurity analysts in a fast-paced operational environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Nice To Haves

  • Master's degree in Cybersecurity, Information Assurance, or a related field.
  • 10+ years of cybersecurity operations experience within a federal government or defense contracting environment.
  • Prior experience supporting SBA or other federal civilian agency cybersecurity programs.
  • Experience with cloud security monitoring and operations in AWS, Azure, or GCP environments.
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and scripting languages (e.g., Python, PowerShell) for automation of SOC workflows.
  • Knowledge of Zero Trust Architecture principles and implementation within a federal environment.
  • Experience with digital forensics and malware analysis techniques.
  • Familiarity with CDM (Continuous Diagnostics and Mitigation) program tools and requirements.
  • GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM) certification.
  • Experience supporting FedRAMP authorized cloud environments.

Responsibilities

  • Serve as the primary technical subject matter expert (SME) for SOC operations, providing guidance and oversight to cybersecurity analysts in the detection, analysis, and response to security incidents.
  • Lead and coordinate incident response activities, including triage, containment, eradication, recovery, and post-incident review in accordance with SBA policies and federal guidelines.
  • Oversee continuous monitoring of SBA networks, systems, and endpoints using SIEM platforms, IDS/IPS tools, and other security technologies to identify and respond to potential threats and anomalies.
  • Develop, tune, and maintain SIEM use cases, detection rules, correlation logic, and alerting thresholds to improve threat detection capabilities and reduce false positives.
  • Conduct advanced threat hunting activities to proactively identify indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) leveraged by threat actors targeting SBA systems.
  • Perform in-depth analysis of security events, logs, network traffic, and endpoint telemetry to identify malicious activity and provide actionable intelligence to SBA leadership and stakeholders.
  • Collaborate with SBA IT and security teams to develop, refine, and maintain Standard Operating Procedures (SOPs), playbooks, and runbooks for SOC operations and incident response activities.
  • Provide technical mentorship and training to junior and mid-level SOC analysts, fostering professional development and elevating the overall capability of the team.
  • Support vulnerability management activities, including the review and analysis of vulnerability scan results and coordination with system owners on remediation efforts.
  • Prepare and deliver detailed technical reports, briefings, and after-action reviews (AARs) to SBA leadership, documenting incident timelines, findings, and recommended corrective actions.
  • Ensure SOC operations align with federal cybersecurity frameworks, policies, and compliance requirements, including NIST, FISMA, and DHS/CISA guidance.
  • Coordinate with external stakeholders, including US-CERT, CISA, and other federal agencies, as necessary, during significant cybersecurity incidents or threat campaigns.
  • Support the continuous improvement of SOC processes, tools, and technologies to enhance operational efficiency and the overall cybersecurity posture of the SBA.

Benefits

  • health, dental and vision insurance
  • 401K with company matching
  • flexible spending accounts
  • paid holidays
  • three weeks paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service