Leidos is looking for a SOC Manager for a large Enterprise Information Technology (IT) services program. The SOC manager will provide senior technical leadership to an enterprise Security Operations Center (SOC) working in a 24x7 operational environment. This position requires daily interaction with management, security personnel at customer sites, and government personnel with other federal agencies. Applicant must be a positive, flexible, self-starter requiring minimal direct supervision, and able to excel as a leader in the fast-paced cybersecurity industry. Exceptional communication and interpersonal skills are a necessity; including the ability to effectively communicate via written and verbal mediums. Excellent business and technical writing skills are a must. SOC Technical Leads are responsible for providing technical oversite of SOC activities and advancing the state of analytic techniques and tools. This position is heavily focused on the development of automated solutions within a cybersecurity operations team. Position may include up to 10% travel both locally and nationwide. Applicants must be detail-oriented, self-driven, and be able to multi-task on a high-tempo operational team.
Duties and Responsibilities:
Provide other services to include, but not limited to:
- Lead or contribute to projects advancing the state of analytic techniques and tools
- Investigate and develop detections for new and evolving threats
- Analyze escalated alerts in support of network security monitoring operations
- Develop and review high-visibility notifications for enterprise customers
- Review and analyze network packet capture files
- Review and analyze SIEM and IDS alerts
- Review of security vulnerability data
- Utilize threat hunting techniques to proactively identify threat activity
- Identification, review, and tracking of malicious code
- Reporting malicious activity to customer sites
- Provide customers with remediation recommendations
- Review and management of incident response activity
- Serve as a Subject Matter Expert (SME) within the team for technical expertise
- Develop use of new services, technology, and products
- Conduct training and coaching sessions for SOC personnel on analytic techniques and tools
- Create, review, and approve new procedural documentation
- Other duties as assigned
- Travel up to 10%
- Bachelor's Degree in Computer Science, Information Systems, Information Security or related technical discipline and 12 years of technical experience with a preference of experience in network security monitoring.
- Active Department of Energy (DOE) “Q” Clearance OR Top Secret Security Clearance required
- US Citizenship required
- Active Advanced cyber security certification(s) in at least one (1) of the following: Certified Information Security Professional (CISSP); CISSP®-ISSMP: Information Systems Security Management Professional
- Minimum 5 years of direct staff management experience in delivery of information systems or computer network support services
- In-depth understanding of cyber security architectures, technical platforms and threat management standards and industry best practices.
- Subject matter expertise on enterprise information security architecture and ability to apply these to the organization's overall security strategy.
- Knowledge of cyber threats and vulnerabilities as they relate to the cyber security area of expertise.
- Knowledge of specific operational impacts of cyber security lapses as they relate to the cyber security area of expertise.
- Ability to apply an organization's goals and objectives to develop and maintain the team’s operations architecture.
- Knowledge of integrating the team’s goals and objectives into team’s technical and/or functional architecture.
- Strong ability to work well with a diverse staff base.
- Demonstrated experience in making processes more efficient.
- Knowledge of laws, regulations, policies, and ethics as they relate to the cyber security area of expertise.
- Experience working in a heavily regulated and/or audited environment.
- Excellent written, oral and presentation skills, especially in conducting cross-training events for the team other cyber security teams.
- Ability to execute technology and/or tool automation processes.
- Ability to optimize systems and/or tools to meet enterprise performance requirements.
- Technical (hands-on) experience with Sustainment, Splunk, Malware Analysis, Security Monitoring, Cyber Security Compliance, Cyber Security Risk assessments, and technical procedure documentation
- Knowledge of operations testing and evaluation methods as they relate to the Cyber Security area of expertise.
- Experience managing a technical team in an operational environment (SOC considered a plus)
- Experience in network and cyber security design, engineering and operations
- Experience with NIST SP 800 series or ISO 27000 series documents for information security management and risk assessment
- Understanding of DevOps/Agile concepts and processes