Security Operations Center (SOC) Manager Job at Computer World Services (CWS) Corporation, Washington DC

  • Computer World Services (CWS) Corporation
  • Washington DC

Job Description




The Security Operations Center (SOC) Manager will be responsible for managing SOC staff to perform monitoring, threat hunting, analysis, resolution, and reporting of security incidents and vulnerabilities across all CUSTOMER IT Infrastructure systems and applications. The incumbent will oversee 24x7, 365(366) SOC support, ensuring timely escalation of issues based on impact and actively participating in various meetings and activities outlined in the contract.


Key Tasks and Responsibilities


• Manage SOC staff to perform monitoring, threat hunting, analysis, resolution, and reporting of security incidents and vulnerabilities across all CUSTOMER IT Infrastructure systems and applications.


• Provide 24x7 SOC support, participating in daily DHS SOC status calls and monthly DHS SOC working group meetings.


• Utilize CUSTOMER enterprise security information and event management (SIEM) and other monitoring tools for security monitoring and proactive threat hunting.


• Utilize threat intelligence and open-source cybersecurity outlets to enhance SOC operations.


• Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.


• Develop and present SOC status reports at Information Technology Cyber Security Program (ITCSP) weekly staff meetings.


• Develop and maintain SOC standard operating procedures (SOPs).


• Collaborate with Cybersecurity and other IT support teams as needed for incident response.


• Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for incident handling and workflow development.


• Interface with CUSTOMER Privacy Office and Security Management Division for classified and privacy data spill clean-up.


• Lead technical support for developing, implementing, and managing CUSTOMER social engineering exercises.


• Escalate threat and indicator of compromise (IOC) details to the Cybersecurity team as necessary.


• Interface with DHS SOC and SOCs of other agencies or companies as needed.


• Provide shift-end status reports and hand off open incident investigations to the next shift.


• Support ITCSP team in advancing the maturity level of the CUSTOMER SOC based on the DHS defined Maturity Model.


• Perform annual self-assessment of SOC capabilities against the DHS Cybersecurity Service Provider (CSP) maturity model.


• Support external assessments and audits by various stakeholders.


• Support Cybersecurity and SOC-related tabletop exercises and internal assessments.


• Serve as the technical lead for the DHS CSP assessment.


• Assist in creating and maintaining project plans for all SOC-related projects.


Education & Experience


• Bachelor's degree (Preferred).


• Minimum 12 years of overall IT experience.


• 10 years of experience in a lead role managing a major data center or IT Security Operations Center supporting a broad range of IT capabilities.


• Experience using IT tools (Microsoft Sentinel and M365 Defender preferred) for monitoring security incidents and vulnerabilities.


• Experience performing threat hunting across complex IT architectures.


• Ability to work in a dynamic environment and coordinate multiple assignments.


• Excellent communication skills - both written and verbal.


• Ability to independently resolve complex issues.


• Knowledge of the CUSTOMER mission and organization.


Certifications


• At least one relevant industry certification, such as GIAC Security Operations Manager (GSOM), GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Detection Analyst (GCDA), GIAC Certified Intrusion Analyst (GCIA), EC-Council Certified Incident Handler (ECIH), or other relevant certifications.


Security Clearance


• Candidate must be a US Citizen.


• DHS Customer will perform and adjudicate customer background investigation prior to work start.


• Candidate must be eligible for potential Top Secret or Top Secret with SCI.


• Active Top Secret Clearance (Preferred).


Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)


• Local travel within a 50-mile radius of Washington, DC may be required.


• Work location in Washington DC with Telework/Remote work authorized at Customer discretion.


Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.


Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at

314.952.5138

or

Job Tags

Contract work, Local area, Remote job, Shift work
