Client requires US Citizenship
Ability to acquire a US government clearance
- Manage the overall day-to-day operation of the security operations center, ensuring events and/or incidents are detected and responded to in adherence to established processes and procedures.
- Oversee the analysts’ daily tasking.
- Manage the team’s scheduling.
- Ensure effective incident management.
- Identify chronic operational and security issues, and ensure they are managed appropriately.
- Manage and escalate roadblocks that may jeopardize security monitoring operations, infrastructure, and SLAs.
- Serve as a senior mentor to SOC staff.
- Interface and collaborate with outside teams.
- Track tactical issues in execution of SOC responsibilities.
- Document and track analyst training requirements.
- Ensure analysts follow existing procedures and all procedures are documented in accordance with local guidelines.
- Manage the process improvement program for SOC processes.
- Manage, maintain, and create rules for the SIEM.
- Serve as focal technical lead on security events and incidents.
- Must be highly technical and hands-on, and also capable of serving as the primary point of contact with senior management.
- Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes the ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
- Summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
- Manage the chain of custody for all evidence collected during incidents and security investigations.
- Create a curriculum and conduct in-house training sessions, individualized if needed, for IR staff, to ensure appropriate development of skills and continued innovation, as well as facilitating incident management team exercises and events.
- Bachelor's Degree in Information Security, Computer Science or equivalent; or 7 years' comparable work/military experience
- Security Certifications such as CISSP, ECIH, GCIA, and/or GCIH
- Strong background in security operations, process, solutions and technologies
- Experience interfacing with other internal or external organizations regarding failure and incident response situations
- 3+ years of experience leading teams utilizing a Security Information and Event Management (SIEM) solution
- 5+ years of experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
- Experience mitigating and addressing threat vectors including Advanced Persistent Threats (APT), Distributed Denial of Service (DDoS), phishing, malicious payloads, malware, etc.
- Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits
- Excellent verbal communication skills and strong analytical and organizational skills, including the ability to define risk, identify potential threats, and develop action/mitigation plans.
- Ability to manage expectations with multiple stakeholders on projects and programs in conjunction with information security team
- Demonstrated personal integrity, the ability to professionally handle confidential matters and exhibit the appropriate level of judgment and decision making commensurate with the position and responsibilities
- Demonstrated initiative, dependability, and ability to work with little supervision