Address
Form of work
Salary Our DC Metro based client is looking for a Cyber Security Subject Matter Expert/SOC Lead. This position requires an active Secret. If you are qualified for this position. Please email me your updated resume in word format to Work location:
St. Elizabeths Campus, Washington, DC We are looking for a Cyber Security Subject Matter Expert/SOC Lead that will support the incident detection and response. This role leads and further develops a team of analysts responsible for 24x7x365 monitoring of threats, as well as the tools and processes that support the core mission of defending the organization against cyber–threats. This position requires ability to work independently as well as within groups. Sensitivity to accuracy, timeliness, and professionalism in all areas of support activity is imperative. POSITION REQUIREMENTS
• Lead and manage Security Operations Center
• In–depth knowledge of security concepts such as cyber–attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Proficient in preparation of reports, dashboards and documentation
• Excellent communication and leadership skillsGood Analytical skills, Problem solving and Interpersonal skillsWorking knowledge and experience with MS office with proficiency in Excel
• ArcSight and multi–vendor IDS/IPS experience is a MUST
• Primarily responsible for security event monitoring, management and response
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Revise and develop processes to strengthen the current Security Operations Framework, Review policies and highlight the challenges in managing SLAs
• Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center
• Management, administration & maintenance of security devices under the purview of ITRC which consists of state–of–the art technologies
• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
• Responsible for integration of standard and non–standard logs in SIEM
• Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
• Co–ordination with stakeholders, build and maintain positive working relationships with themPERL or other scripting and automation skills • In–depth understanding of ports, protocols, and network traffic analysis as it relates to network security. • Experience using troubleshooting technique including but not limited to; network sniffers, syslog, and the Firewall capture command.
• Understanding of information security principles as it relates to systems and network security • Create formal documentation for systems administration, operations, and maintenance
• Understanding of formal processes for change and release management • Understanding of federal contracting environment with the ability to lead and direct the security operations center staff • Ability to create repeatable processes, escalation instructions and work scripts as needed for shift agents.
• Ability to utilize Campus tool sets such as ServiceNow ITSM, P–NET, EMS, and secure protocols in daily operations and maintenance environment
QUALIFICATIONS
Bachelor's degree
8–10 years of IT experience with minimum 6 years of experience as a firewall or network security engineer
Certifications:
At least on of the following certification is required (two or more are preferred):
o ACSA, CCNP, CCSP, MSCE, CISSP GCFW or other GIAC certifications
ITIL V3 Foundation. Applicant Must Hold a Current Secret Clearance in order to be considered for this position. Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
This program requires 24X7X365 operational support. Normal business hours are from 6:00 AM – 6 PM and you may be asked to support early morning or late afternoon shifts. This position requires after hours on call support availability as a tier 3 SME.
