Washington, District of Columbia
The Security Operations Center (SOC) Manager is responsible for achieving the overall goals of the SOC through the implementation of processes, procedures, and performance indicators related to SOC functions.
- Managing the overall day-to-day operations, to include ensuring events and/or incidents are detected and responded to in adherence to established processes and procedures.
- Work directly with the ISSO, SOC leadership, and cyber threat intelligence analysts to convert intelligence into useful detections.
- Overseeing the SOC daily tasking and team scheduling.
- Communicate expectations, assignments, and responsibilities to the SOC team in a clear, timely, and professional manner.
- Identifying and raising systemic operational and security issues.
- Managing and escalating roadblocks that may jeopardize security monitoring operations or incident response capabilities.
- Interfacing and collaborating with other security teams across DOE and Federal government, as necessary.
- Tracking tactical issues in execution of SOC responsibilities.
- Ensuring SOC analysts follow existing procedures and desktop instructions.
- Manage the process improvement program for SOC processes.
- Serve as a proactive incident manager for the SOC, along with other responsibilities.
- Verify deployment and maintenance of security sensors and tools.
- Mentor and provide training to SOC analysts, including weekly and/or quarterly bag training sessions.
- Implement emerging technologies and tactics within the SOC and apply them to improve efficiency and effectiveness.
- Must be a US citizen and able to obtain a Public Trust designation.
- Demonstrated and highly effective written and oral communication skills.
- 6+ years in the field of cyber security, with intimate knowledge of operations, incident response, and management.
- Working knowledge of, and hands-on experience working within and supporting, a Federal Security Operations Center (SOC) environment.
- Experience with SIEM technology, logging, Splunk, data analytics, cloud, and virtualization.
- Crystal clear understanding of security tactics, technologies, techniques, and strategies associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques.
- Knowledge of security policy and technical standard development, secure infrastructure design reviews, multi-tiered trust zone structures, and complex networking through multiple level network security structures.
- Working knowledge of and experience with virtualization, remote access, and secure mobile technologies.
- Knowledge of NIST and FIPS security controls.
- Proficiency in Microsoft Office products to include Excel, PowerPoint, and Word.
- Strong interpersonal and communication skills with the ability to lead and work as part of a team.
- Proven oral and written communication and client facing skills.
- CompTIA Security+, GIAC Security Essentials Certification, or GIAC Certified Incident Handler highly desired.
- Certifications: one of CEH, Security+, CISSP, or CISM is required.
- Splunk certification or relevant experience.
- PMP is preferred.
- GCIH – GIAC Certified Incident Handler (preferred).
- GSEC – GIAC Security Essentials Certification (preferred).
- 3-5 years’ experience performing threat modeling, risk analysis, root cause analysis, risk identification, and risk mitigation.
- Past SOC leadership experience, preferably with multiple federal agencies.
- Incident management and response: 5+ years.
- Associate’s or Bachelor’s Degree in relevant field or equal level of experience.