ROC Lead

About The Position

Requirements

• Comprehensive knowledge of Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B
• Expertise coordinating incident response actions and validating cybersecurity events
• Proficiency with Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), including signature development and tuning
• Experience conducting digital forensics across multiple operating systems
• Advanced proficiency with host-based security tools and operating system logging
• Deep expertise with log aggregation and analysis platforms such as Splunk, Elastic, or Microsoft Sentinel
• Exceptional logical reasoning and independent problem-solving abilities
• Superior written and verbal communication skills
• Bachelor’s degree with a minimum of five (5) years of specialized cybersecurity experience or A minimum of eight (8) years of relevant cybersecurity operations experience in lieu of a degree
• Required certifications per Performance Work Statement (PWS): None
• Minimum Security Clearance: Secret, with ability to obtain Top Secret / Sensitive Compartmented Information (TS/SCI) eCRAFT: CSE3

Nice To Haves

• Strong leadership and operational oversight experience in a cybersecurity operations environment
• Expert knowledge of incident response processes and campaign management
• Ability to assess incident severity and impact using established DoD guidance
• Strong analytical and problem-solving skills
• Ability to communicate clearly and effectively in both written and verbal formats
• Proven ability to mentor and lead teams in high-tempo, operational environments

Responsibilities

• Lead administrative and operational functions during incident response campaigns, ensuring tasks are completed, vetted, and properly documented
• Coordinate with subscriber sites and reporting agencies to ensure timely and accurate incident reporting
• Review validated security incidents for quality assurance and determine severity and impact in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B
• Conduct ticket, alert, and indicator analysis reviews to ensure accuracy, consistency, and completeness
• Maintain an in-depth understanding of cybersecurity concepts, protocols, architectures, and defensive cyber tools
• Oversee shift turnovers to ensure continuity of operations and proper documentation within campaign and shift logs
• Compile, review, and maintain internal Standard Operating Procedures (SOPs) in compliance with applicable policies and directives
• Mentor, guide, and develop ROC analysts to improve triage effectiveness and analytical capabilities
• Participate in program reviews, product evaluations, and onsite certification or assessment activities as required
• Ensure operational readiness and coordination across three Regional Operations Centers supporting 24/7/365 mission requirements
• Provide surge and overtime support during elevated threat conditions or significant cybersecurity incidents

Benefits

• Short/Long Term Disability
• Basic Life Insurance
• Direct Payroll Deposit
• Leave Accrual
• Holidays
• 401(k) Match
• Additional (Voluntary) Life Insurance
• 401(k)
• Medical Coverage
• Dental Coverage
• Vision Care Plan
• Flexible Spending Account Plan