Our Cyber Security Division is looking for a Sr Incident Response Manager / Deputy CISO and team Leader for the Cyber Security Operations Center (CSOC). This position is responsible for training and leading the team of cyber defenders that detect and respond to cyber adversaries who threaten business and research networks. We are seeking someone who is a technical cybersecurity SME with a passion for leading a team of cyber defenders who strive to deeply understand our adversaries, develop innovative analytics and detection solutions and proactively hunt and respond to adversary actions. Equally, you’ll be a hands-on member of an experienced cyber security team with a culture of collaboration, creativity, partnership, and execution, so you will need to work well in that environment as well. We’re looking for someone who keeps up with cutting edge research in the field of adversary detection, vulnerability management, threat analytics, attack path visualizations, incident response, malware analysis, and more. This leader will sustain, grow and create a culture of security innovation within the framework of an industry leading security operations center.
Your key responsibilities and accountabilities would include:
- Provides subject matter expertise on enterprise cyber security risks, threats, technologies, and potential impact.
- Maintain an adversary understanding that drives a kill-chain activity based approach to detection, respond and recovery
- Continually monitors against authorized security control requirements and reports system risks and application configurations or vulnerabilities.
- Intercepts and prevents internal and external attacks or attempts against internal systems.
Partners with cyber security researchers on data analysis, prototype implementation, collaboration, and feedback to operationalize our research solutions in security operations.
- Interprets, analyzes, and executes incident response actions for detected intrusion anomalies and events.
- Conducts system, network, and software vulnerability assessments and penetration testing.
- Prepares and presents technical reports and briefings demonstrating the impact of security operations activities and actions.
- Contributes to design, development and implementation of countermeasures, cyber security systems integration, and leverages tools specific to cyber security operations.
- As necessary, shares knowledge with external entities including law enforcement, intelligence and other government organizations and agencies.
- Work in a cyber-program focused on collaboration, partnership, and “out of the box” creativity.
- Manages the Cyber Security Operations Center (CSOC) activities, personnel and budget in accordance with internal and Federal requirement.
Ultimately, success in this role comes as the cyber security capabilities and maturity across Protect, Detect and Respond in our facility continuously improve and evolve in response to the changing threat, technology and business landscape. Your role and contributions, particularly in Detect and Respond, will be evident and visible to all stakeholders. You will not only impact internal IT security but your impact will extend to leadership across Federal R&D initiatives in cyber security. Success requires a commitment to the mission and science and our sponsors and a passion for leveraging your cyber security expertise to advance these.
Technical field Bachelors of Science (B.S.) degree with 9-13 years of experience in IT; Masters with 7-11 years of experience; PhD with 4-8 years of experience;
- Minimum of 7 years in the Information Security/Cyber Security field
- 3 years in security operations lead or management role
- Knowledge of network security architecture concepts including topology, protocols, components, and principles.
- Operating Systems knowledge and expertise in Windows, Unix or Linux
- Advanced Security Certification (CISSP, CISM, CEH, EnCE, SANS GIAC, etc.)
- Experience with weekend or evening “on-call” duties in security operations
- Exceptionally strong peer leadership, interpersonal, collaborative, and customer relationship skills are essential.
- Thorough understanding of the cyber kill chain or attack vectors.
- Experience red teaming and proactive cyber adversary hunting.
- Keen ability to anticipate and recognize cyber security threats.
- Use practical knowledge to effectively remediate threats, and modify activities and priorities to anticipate and respond to changing conditions.
- Experience working in, leading and building an industry-leading security operations center.
- Network protocols, uses, and potential exploitation by malicious software.
- Applying layered computer network defense techniques and network policy architectures
- Tracking malware infections across a wide enterprise
- Clearly communicating technical information in various forms to senior management, peers, and customers.
- Ability to implement and operate intrusion detection/prevention systems, network penetration testing, vulnerability scanning, packet generators and sniffers, firewalls, and router systems.
- Working independently and leading collective team efforts to develop theories, ideas, and concepts around cyber security methodologies.
Equal Employment Opportunity:
Company is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All company staff must be able to demonstrate the legal right to work in the United States. Company is an E-Verify employer.
This position requires the ability to obtain and maintain a federal security clearance.
- S. Citizenship
- Background Investigation: Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified matter in accordance 10 CFR 710, Appendix B.
- Drug Testing: All Security Clearance (L or Q) positions will be considered to be Testing Designated Positions which means that they are subject to applicant, random, and for cause drug testing. In addition, applicants must be able to demonstrate non-use of illegal drugs, including marijuana, for the 12 consecutive months preceding completion of the requisite Questionnaire for National Security Positions (QNSP).