Role Description:

●     Lead security incident investigations, including root cause analysis and implementation of effective countermeasures.

●     Conduct proactive threat hunting and in-depth forensic analysis to identify potential security risks.

●     Serve as a mentor and resource to junior SOC analysts, providing training and guidance in incident response and cybersecurity techniques.

●     Develop and maintain SOC documentation, including processes, procedures, and best practices.

●     Collaborate with internal teams and stakeholders to enhance overall security posture and awareness.

●     Communicate technical information clearly to both technical and non-technical audiences.

●     Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation.

●     The ability to identify new data sources for determination of security events:

●     Analyze raw data sources to extract, institutionalize, and document actionable events.

●     Review existing security events and propose refinements, automation, and/or broaden handling capabilities as appropriate.

●     The ability to communicate the current status of security:

●     Identify and report on metrics related to the operations of the team.

●     Identify and report on project status related to augmenting detection ability.

●     Subject Matter Expert (SME) on two or more of the following: Log Analysis/Event Detection, Malware Analysis, Cloud Security, Network Access Control, Security Automation, Incident Response, Detection Engineering, Cyber Threat Hunting

●     Has the ability to work with security tools that emulate adversary-like actions and personnel to develop, document, and test detection mechanisms, and to close the loop by working with the applicable teams to improve security by resolving findings.

●     The ability to develop detailed, multi-month, resourced project plans and provide timely updates.

●     Works with executive management to determine acceptable levels of risk for the enterprise.

●     Ability to lead in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.

●     Interact with key stakeholders for troubleshooting/content development/etc.

●     Coordinate incident response with security operations staff and serve as incident response or hunt lead.

●     Has the ability to develop and document a hunt plan and the capability to develop standardized detection mechanisms based on the hunt plan.

●     Ability to work with staff to develop a vision and independently lead the implementation of new capabilities.

●     Ability to lead in the development and performance of quality control checks, operational metrics and project management for Cybersecurity operations.


Required Qualifications & Education:

●     BS/BA Degree in Cybersecurity or Information Technology from a U.S. accredited college, university, or institution.

●     Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), Certified Ethical Hacker (CEH), or equivalent certification(s).

●     5+ years of experience leading security incident investigations, determining root causes, implementing appropriate countermeasures, threat hunting, and forensic analysis.

●     Experience with providing guidance and training to junior SOC analysts in incident response, threat detection, and cybersecurity techniques.

●     Experience with creating and maintaining documentation, procedures, and best practices for the SOC.

●     Has excellent oral, writing, and team skills.


Clearance and Location Requirements:

●     Able to be cleared for a Public Trust clearance.

●     This job requires being on-site 3 days/week in Washington, DC.

●     Must be available for after-hours "on-call" SOC (Security Operations Center) support on a rotating basis with other team members.

Washington, DC

Hybrid
