Security Operation Center (SOC) Lead

About The Position

Requirements

• Bachelor's degree in Cybersecurity and Information Assurance; Advanced degree(s) preferred.
• Years Experience: (8+MA/MS or 8+BA/BS)
• 8140/8570 DoD Certification; Foundation-Advance / Information Assurance Technician (IAT-III) w/ CSSP Incident Responder certifications
• Brings hands-on experience in cybersecurity operations (including protection, detection, response, and sustainment)
• Possesses extensive technical expertise in current cybersecurity technologies and emerging innovations.
• Demonstrates comprehensive knowledge of the lifecycle of cybersecurity threats with development of associated tactics, techniques, and procedures (TTPs).
• Knowledge in planning, directing, and managing Security Operations Center (SOC) operations in an organization in a large, complex environment.
• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
• Must be a US Citizen with a DoD SECRET Clearance

Nice To Haves

• 4+ years of supervising and/or managing teams
• 5+ years of Incident handling experience
• Experience working with DoD / U.S. Army / Federal Government
• Experience with software/tools: Assured Compliance Assessment Solution (ACAS), Splunk, Endpoint Security Solution (ESS), Cisco Adaptive Security Appliance (ASA) Firewalls and Firepower IPS, SRGs, STIGS, DISA STIG Viewer, SCC/SCAP, Evaluate STIG
• Experience as a Cyber Engineer

Responsibilities

• Support the implementation of, to include the production of documentation and associated artifacts with the implementation of, Cybersecurity requirements as identified in DoDI 8510,8140, and AR 25-2 based upon Risk Management Framework (RMF)
• Ensure all sites execute monthly continuous monitoring and compliance testing to validate the current configurations, against the documented security configuration baseline, and report compliance.
• Ensure SOC provides 24 hours a day monitoring for training rotations and exercises for remote sites.
• Ensure that SOC verifies all assets have a representative security configuration baseline documented in Defense Information Systems Agency (DISA) STIG checklist and Plan of Action and Milestones (POA&M) form.
• Direct patching and IA Vulnerability Alert (IAVA) for supported baselines
• Standardizes analysis and correlation of audit records using the Security Incident & Event Management (SIEM) tools across different repositories, to include backups.
• Enforcement of enterprise monitoring and controls communications at the external boundary for all sites and at key internal boundaries within the sites.
• Enforcement of enterprise monitoring, and controls for unauthorized software, to include mobile code through the continuous monitor process.
• Enforcement of all enterprise end point security software update at appropriate schedule within operational schedule.
• Ensure communication between remote sites with local cybersecurity governance personnel in accordance with the Incident Response Plan and security documentation.
• Ensure all sites are performing functional and security testing in support of Assessment and Authorization (A&A) activities.
• Ensure all sites configure and enable security features Enterprise Account management / IAM
• Support annual FISMA requirement for all sites, to support auditors with actual and historical data from SOC.

Benefits

• Healthcare coverage
• Retirement plan
• Life insurance, AD&D, and disability benefits
• Wellness programs
• Paid time off, including holidays
• Learning and Development resources
• Employee assistance resources