Proposal Staffing

About The Position

Requirements

• Minimum of 10 years’ experience providing security operations and penetration testing support.
• Minimum 5 years’ managing and directing security operations.
• Responsible for the ability to implement the various phases of Continuous Diagnostics and Mitigation, establishing baselines for security tools to ensure proper configuration and deployment, architecting, deploying, and maintaining security products and services, and recommending and implementing solutions for protecting data throughout its lifecycle.
• Certified Information System Security Professional Information Systems Security Management Professional (CISSP-ISSMP)
• Certified Information System Security Professional Information Systems Security Architecture Professional (CISSP-ISSAP)
• Bachelor of Science in Information Technology, Computer Science or related field.

Nice To Haves

• Network Security Engineer (CNSE)

Responsibilities

• Maintain, update, and prepare SOC Concept of Operations and Standard Operating Procedures.
• Monitor, defend, and protect perimeter interface for malicious network traffic.
• Monitor, defend, and protect hosts within the NCUA boundary for malicious activity or activity that could indicate lateral movement within the environment.
• Perform advanced network analysis of egress and ingress traffic.
• Conduct initial triage, containment, categorization, and escalation for suspicious events and incidents.
• Perform triage and short-turn analysis of potential security incidents generated by near real-time security alert feeds.
• Perform curation, tune and optimize detections, analytics, signatures, correlation rules, and response rules deployed on SOC detection and analytics systems, such as EDR, SIEM, and SOAR.
• Use knowledge of adversary Tactics, Techniques and Procedures (TTPs) and agency systems to create detections and analytics to detect and understand various activity in SOC sensors and analytic systems, from scratch, as needed.
• Receive, document, and process reports of potential security incidents from agency and third parties. These reports may come through written (e.g., email, OneStop) or verbal means.
• Perform in-depth, detailed analysis of suspected incidents, identifying details such as the origin, extent, and implications of the incident, and characterizing the confidence of these conclusions.
• Support incident or compromise response activities as necessary.
• Provide security impact assessments and risk analysis of vulnerabilities, incidents, and change requests.
• Provide situational awareness and reporting on cybersecurity status, incidents, and trends in adversary behavior.
• Operate and maintain cybersecurity technology (e.g., endpoint detection and response, security information and event management platform, etc.).
• Develop and publish security operations dashboards and visualizations.
• Maintain, update, and prepare Asset and Vulnerability Management Standard Operating Procedures.
• Ensure security tools are installed and operational in accordance with service level agreements (SLAs) (i.e., IT/OT).
• Collect and curate knowledge of assets, networks, and services, mapping their interdependencies, and calculating criticality and risk.
• Conduct vulnerability scanning of assets for vulnerability status, including patch level and installed software, and security-relevant configuration, for purposes of calculating security risk and compliance status.
• Accept, triage, and analyze vulnerability reports from vulnerability researchers.
• Coordinate vulnerability disclosure remediation activities with stakeholders and validate remediation.
• Coordinate with stakeholders to prioritize and implement vulnerability remediation.
• Coordinate with CISA and NCUA stakeholders to maintain accuracy and updates to the CISA CDM dashboards.
• Develop and publish asset and vulnerability management dashboards and reports.