Our DC Metro based client is looking for a Cyber Security Subject Matter Expert/ SOC Lead. This position requires an active Secret. If you are qualified for this position. Please email me your updated resume in word format to firstname.lastname@example.orgWork location:St. Elizabeths Campus, Washington, DC
We are looking for a Cyber Security Subject Matter Expert/ SOC Lead that will support the incident detection and response. This role leads and further develops a team of analysts responsible for 24x7x365 monitoring of threats, as well as the tools and processes that support the core mission of defending the organization against cyber-threats. This position requires ability to work independently as well as within groups. Sensitivity to accuracy, timeliness, and professionalism in all areas of support activity is imperative.
• Lead and manage Security Operations Center
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Proficient in preparation of reports, dashboards and documentation
• Excellent communication and leadership skillsGood Analytical skills, Problem solving and Interpersonal skillsWorking knowledge and experience with MS office with proficiency in Excel
• ArcSight and multi-vendor IDS/IPS experience is a MUST
• Primarily responsible for security event monitoring, management and response
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Revise and develop processes to strengthen the current Security Operations Framework, Review policies and highlight the challenges in managing SLAs
• Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center
• Management, administration & maintenance of security devices under the purview of ITRC which consists of state-of-the art technologies
• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
• Responsible for integration of standard and non-standard logs in SIEM
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Co-ordination with stakeholders, build and maintain positive working relationships with themPERL or other scripting and automation skills
• In-depth understanding of ports, protocols, and network traffic analysis as it relates to network security.
• Experience using troubleshooting technique including but not limited to; network sniffers, syslog, and the Firewall capture command.
• Understanding of information security principles as it relates to systems and network security
• Create formal documentation for systems administration, operations, and maintenance
• Understanding of formal processes for change and release management
• Understanding of federal contracting environment with the ability to lead and direct the security operations center staff
• Ability to create repeatable processes, escalation instructions and work scripts as needed for shift agents.
• Ability to utilize Campus tool sets such as ServiceNow ITSM, P-NET, EMS, and secure protocols in daily operations and maintenance environment
- Bachelor’s degree
- 8-10 years of IT experience with minimum 6 years of experience as a firewall or network security engineer
- At least on of the following certification is required (two or more are preferred):
- ACSA, CCNP, CCSP, MSCE, CISSP GCFW or other GIAC certifications
- ITIL V3 Foundation.
*Applicant Must Hold a Current Secret Clearance in order to be considered for this position.* Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.*
This program requires 24X7X365 operational support. Normal business hours are from 6:00 AM – 6 PM and you may be asked to support early morning or late afternoon shifts. This position requires after hours on call support availability as a tier 3 SME.