IT Security Operation Center (SOC) Manager

Peak Technology Solutions, Inc.
Washington, DC Full Time
POSTED ON 12/24/2021 CLOSED ON 2/23/2022

What are the responsibilities and job description for the IT Security Operation Center (SOC) Manager position at Peak Technology Solutions, Inc.?

We are seeking a Security Operations Center (SOC) Manager for our client who will manage the SOC functions and operations. The SOC Manager ensures the monitoring and analysis of incidents, addresses all security incidents, and ensures timely escalation. The Security Operations Center Manager provides direction to analysts and serves as a liaison to the Security Engineering teams and other departments within DC Government agencies.
Responsibilities

  • Manage the day-to-day SOC Operations as well as additional Incident Response activities as required
  • Supervise the SOC team, provide technical guidance, and interface with teams within OCTO and other agencies as needed
  • Oversee all management activities related to SOC operations including but not limited to people management, training, and mentoring.
  • Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs
  • Regularly interact with senior leadership and agency technology leadership.
  • Serve as a member of the CSIRT leadership team, with the role of IR Manager
  • Responsible for running the periodic IR tests, writing IR Test reports, and driving ‘lessons learned’ activities.
  • Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
  • Create reports, dashboards, and metrics for SOC operations and present them
  • Timely threat intel information sharing with public and private partners.

MINIMUM QUALIFICATIONS

  • Five years of demonstrated operational experience as a cybersecurity analyst/engineer handling and coordinating cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as: technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.
  • In-depth understanding of current cybersecurity threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.
  • In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
  • Strong communication, interpersonal, organizational, oral, and customer service skills.
  • Strong knowledge of TCP/IP protocols, services, and networking.
  • Knowledge of forensic analysis techniques for common operating systems.
  • Adept at proactively searching for, soliciting, and analyzing in detail threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) from open-source resources and external entities, in order to identify cybersecurity threats not previously ingested into network security tools/applications and derive countermeasures to protect the Government of the District of Columbia network.
  • Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
  • Ability to work effectively in stressful situations.
  • Strong attention to detail.

PREFERRED EDUCATION/CERTIFICATION REQUIREMENTS

  • Undergraduate degree in computer science, information technology, or related field.
  • SANS GCIA, GCED, GPEN, GCIH or similar industry certification desired.

Minimum Education/Certification Requirements:
BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience

Job Type: Full-time

Schedule:

  • Monday to Friday

Education:

  • Bachelor's (Preferred)

Experience:

  • managing staff in a dedicated SOC environment: 5 years (Preferred)
  • analysis of incident reports, aggregate monitoring data: 5 years (Preferred)
  • operating IS tech such as firewalls, IDS/IPS, SIEM, Antivirus: 10 years (Preferred)
  • scripting and tool automation (Perl, PowerShell, Regex): 10 years (Preferred)
  • developing information security incident response plans: 10 years (Preferred)
  • standard and complex IT solutions & services: 10 years (Preferred)

License/Certification:

  • SANS GCIA, GCED, GPEN, GCIH or similar (Preferred)

Work Location: One location
