Risk and Integration Lead

About The Position

Requirements

• Strong technical understanding of cybersecurity operations.
• Experience in managing and overseeing technical cyber monitoring and incident response.
• Excellent communication and problem-solving skills.
• Ability to work collaboratively with cross-functional teams.
• Deep understanding of incident response processes and procedures.
• Ability to apply knowledge in driving continuous improvement and defining new methodology for CSSP Service Area scalability.
• Understanding of modern cyber defense policies, procedures, and regulations, such as defense-in-depth principles, intrusion detection methodologies, and incident response frameworks.
• Identification of appropriate response actions associated with different cybersecurity event scenarios as well understanding of the different classes of attacks and knowledge of general attack stages (cyber kill chain).
• Ability to communicate in both written and verbal format to stakeholders, tailored at either non-technical or technical levels as required.
• Ability to direct, coach, and mentor floor analysts both outside cybersecurity events as part of skills development and during cybersecurity events as a Subject Matter Expert and surge support.
• Skill in providing informed opinions to leadership during a high-pressure situation and to support leadership in coordinating available resources to resolve the situation.
• Ensures problems are communicated from analysts up to leadership and follows up between all parties to ensure resolution of problems.
• Analyzes, tracks, and directs own workflow to ensure efforts are placed on projects that will improve the workflow and services the Ops Watch Floor provides.
• Remains self-disciplined and ensures timely completion of tasks.
• Possess knowledge of the following concepts: Network and host-based activity correlation in tools such as Splunk, Elastic, and Microsoft Sentinel; Full packet capture (PCAP) analysis; IDS/IPS solutions; Advanced writing skills; Basic digital forensics concepts and tools.
• Experience in managing and overseeing technical cyber monitoring and incident response.
• Strong understanding of cybersecurity operations.
• Excellent communication and problem-solving skills.
• Ability to work collaboratively with cross-functional teams.
• Deep understanding of incident response processes and procedures.
• Ability to apply this knowledge in providing professional and technical guidance to CSSP Service Area personnel on cybersecurity subject matters.
• Secret clearance with upgrade to TS required.
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field; or a minimum of three years of directly relevant experience, preferably within a DoD or federal cybersecurity environment.
• Must hold an IAT Level II certification CND certification or ability to obtain.

Nice To Haves

• Knowledge of reverse engineering and malware analysis such as familiarity with program memory structure, compilation, and assembly, as well as ability to read code, de-obfuscate code, and determine if code is malicious or benign.
• Knowledge of programming language structures and logic, secure coding techniques, and familiarity with computer science sub-fields such as information theory, cryptography, computer security, operating systems, networks, and embedded systems.
• Experience presenting to senior (GS15/O5+) Leadership.
• Knowledge of DoD Cyber policies and compliance guidelines.
• Familiarity with CJCSM 6510.01B Cyber Incident Handling Program.
• Working knowledge of common DCO tools.
• Familiarity with SaFE methodology and Atlassian products (Jira, Confluence, etc.).

Responsibilities

• Serves as the central POC for internal CSSP risk management, ensuring visibility and timely escalation.
• Supports subscriber onboarding and sustainment, coordinating integration across service areas.
• Maintains requirements, issues, and gap logs to ensure accuracy, traceability, and resolution across the IPT.
• Improves risk posture through centralized tracking and visibility for leadership decision making and prioritizing initiatives.
• Ensures subscriber visibility and monitoring from onboarding and throughout sustainment.
• Improves program execution by identifying and resolving risks early.
• Enhances coordination across Operations Leads and service areas.
• Supports mission continuity by identifying trends and gaps early.
• Oversee and validate network intrusion detection, monitoring, and correlation analysis; incident response; and network and host-based digital forensics as necessary to support CSSP mission execution.
• Serve as the designated GOV technical authority for a specified CSSP Service Area service offering, such as DCO monitoring/incident response, User Activity Monitoring (UAM), Cyber Threat Intel (CTI), or cyber threat hunting and malicious cyber activity detection creation.
• Communicate significant updates to stakeholders and CSSP Director regarding cyber incidents, outages, and other significant activity.
• Maintain awareness of any CSSP risks that may impact the ability to execute CSSP Service Area service delivery or be mitigated by changes to CSSP Service Area processes.
• Provide professional and technical guidance to CSSP Service Area personnel on cybersecurity subject matters.
• Demonstrate advanced technical proficiency in IR methodologies and tools, leading development of training, documentation, and process improvement, as well as overseeing technical mission execution during cyber events.
• Provide technical direction to contractors and other teams within the NIWC Atlantic CSSP Service Area department to steer the overall incident response plan and recovery actions.
• Attend meetings in support of CSSP Service Area to identify operational issues and process improvement opportunities as the designated GOV technical cyber SME.
• Identify, create, and oversee projects for furthering the operational capability of the Floor.
• Work with the prime contracting stakeholders remotely to execute and verify output of project requirements.
• Provide any necessary unfulfilled communications, technical, or administrative support to Floor personnel in the event of a significant breach.
• Act as surge support civilian oversight for the CSSP Service Area in the case of the unavailability of the CSSP Director or CSSP Deputy Director.
• Prioritize and ensure CSSP mission execution aligns with requirements (CJCSM 6510.01B, DoD O-8530.1-M, and ESM).

Benefits

• Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options
• Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options
• Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees
• Generous 401(k) match
• Competitive PTO plan that graduates quickly with years of service
• Other leave programs; holiday schedule along with bereavement, maternity, jury and military duty
• Mental health awareness programs
• Tuition reimbursement
• Professional development reimbursement
• Recognition and Awards programs