ECS is seeking a Senior SOC Chief to work in our Washington DC office. ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Operations Center (SOC) Manager to provide a full range of cybersecurity services on a long-term contract in Suitland, MD. The position is full time/permanent and will provide 24x7x365 support for a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
Required clearance: Top Secret, SCI eligible
- 8+ years of Information Technology experience, with at least 5 years of experience in information security working within security operations
- 7-10+ years of experience in SOC operations and incident response including SOC management and an IR commander role.
- Experience with maturing and optimizing SOCs
- Experience with utilizing Cyber Threat Intelligence to enhance security operations, threat detection, and response
- Preferred experience with developing and deploying an integrated NOC/SOC model
- Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems
- Strong customer service skills and decision-making skills
- Working knowledge of cloud infrastructure preferred
- Proven knowledge of and experience with log, network, and system forensic investigation techniques
- Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs
- Significant experience with host and network analysis
- Experience with reading malware analysis reports
- Knowledge of diverse operating systems, networking protocols, systems administration and security technologies
- Experience with intelligence-driven defense utilizing the Cyber Kill Chain (CKC) and MITRE ATT&CK
- Significant experience monitoring threats via a SIEM console
- Candidate must have familiarity with US-CERT Federal Incident Notification Guidelines
- Azure, Azure Sentinel, Microsoft 365 Defender (across endpoint, email, and collaboration) experience preferred
- Working knowledge of FireEye/Trellix tools, Akamai WAF, Sourcefire, and Ironport
- Strong sense of professionalism and ethics
- Actively seeks to enhance the group through the sharing of knowledge
- Acts with integrity and communicates honestly and openly
- Ability to build rapport and cooperation among teams and internal stakeholders
- Respects others and demonstrates fair treatment to all
- Methodical and detail oriented
- Self-motivated
- Ability to work in a high-pressure environment with changing priorities
Salary Range: $174,000-194,000
General Description of Benefits
- Bachelor's degree in computer science or related field or equivalent work experience
- Certified Information Systems Security Professional (CISSP)
- Ensure the timeliness and quality of deliverables so that all information and data are accurate and complete;
- Lead Information Security GAP Analysis review;
- Perform administrative functions such as reviewing performance and operations to ensure appropriate performance;
- Ensure effective coordination, collaboration, and communication with federal personnel;
- Serve as the primary incident commander for all cybersecurity incidents;
- Must possess a functional understanding of log and monitoring management systems, security event monitoring systems, network-based and host-based intrusion detection systems, firewall technologies, malware detection and enterprise-level antivirus solutions/systems
- Must have demonstrated experience with managing and ensuring the timely response and investigations of security events and incidents by the Security Operations Center (SOC)
- Have demonstrated experience with developing and facilitating cybersecurity tabletop exercises for technical and non-technical personnel
- Must possess a working knowledge of regulatory security compliance requirements
- Familiarity with White House Executive Orders (EO) on improving the Nation's Cybersecurity and subsequent Office of Management and Budget (OMB) memorandums
- Familiarity with FISMA monitoring and reporting requirements
- Must have experience with conceptualizing, developing, publishing and communicating status reports for executive leadership
- Work closely with client CISO and cybersecurity leadership to identify and implement process changes, improvements, and efficiencies, and to ensure solid security practices
- Develop and administer SOC processes and review their application to ensure that SOC's controls, policies, and procedures are operating effectively
- Establish and maintain excellent working relationships/partnerships with the cybersecurity and infrastructure support teams throughout the Information Technology organization, as well as business units
- Play a significant role in long-term SOC strategy and planning, including initiatives geared toward operational excellence
- Execute security operations processes, identify and measure critical security operations metrics, and continually improve the efficiency and effectiveness of all core services in scope
- Manage and develop SOC team members, including mentoring, task management, and capability/skill development.
- Provide a framework for team members to be successful in achieving team goals and individual performance objectives
- Provide security expertise to the SOC team leveraging industry leading practices
- Ensure all pertinent information is obtained to allow identification, containment, eradication, and recovery actions to occur in a time-sensitive environment
- Recommend implementation of countermeasures or mitigating controls
- Resolve or coordinate the resolution of cybersecurity events/incidents
- Responsible for development and leadership of a 24x7x365 SOC, including establishment of the mission, SOC maturation and optimization, task management, playbook development and maintenance, and developing and deploying an integrated NOC/SOC model
- Perform SOC Chief activities, including project tracking schedules, risk registers, and risk and issue mitigation strategies for SOC and incident response activities