Responsibilities

1. Serves as the Lead Cybersecurity Operations (SECOPS) contractor, providing senior-level technical leadership and operational support to the Agency’s IT Security Program. Supports and coordinates SECOPS activities under government direction and maintains technical inputs to the Agency’s IT Security Program.
2. Provides senior technical advisory support to the Chief Information Security Officer (CISO) on developments in cybersecurity, information security (INFOSEC), and IT security, including emerging threat vectors, advanced persistent threats (APTs), attack surface analysis, and identified weaknesses. Delivers actionable recommendations for government consideration and decision-making.
3. Supports Agency-level technical implementation of approved cybersecurity policies, standards, and directives by developing technical documentation, implementation guidance, and draft procedures for government review and approval.
4. Leads day-to-day contractor cybersecurity operations activities within the SECOPS function, supporting government-led oversight of systems and services that impact the Agency’s mission and critical infrastructure. Executes approved actions in alignment with government priorities and risk decisions.
5. Implements and administers cybersecurity incident handling (IH) and incident response (IR) capabilities, including SIEM dashboards, detection inputs, incident response playbooks, and operational metrics, to improve efficiency and effectiveness of security operations.
6. Facilitates and coordinates SECOPS activities in support of the Agency’s Information Security (INFOSEC) Program, assisting Agency system security personnel and Information System Security Officers (ISSOs). Provides accurate and timely reporting on SOC performance metrics and submits recommendations for improvement to government leadership.
7. Serves as the senior technical advisor for threat, vulnerability, and configuration management activities, providing threat intelligence analysis, mitigation recommendations, and defensive strategy insights to Agency stakeholders. Supports OIT by conveying industry attack trends, mitigations, and active defense techniques for government consideration and approval.

Required Skills

Desired Skills and Experience

• Demonstrated ability to guide technical discussions and provide expert advisory support to senior government officials, including the CISO, system owners, SOC staff, and executive leadership, while operating under government direction.
• Proven experience as a SOC Lead or Senior Team Lead, successfully coordinating with managed security service providers (MSSPs) and external cybersecurity partners (e.g., CISA, CYBERCOM) in support of incident response (IR), incident handling (IH), and vulnerability management (VM) activities), including mitigating actions to contain activity and facilitating forensics analysis when necessary.
• Documented experience conducting and guiding in-depth technical evaluations of INFOSEC, IT security, and cybersecurity tactics, techniques, and procedures (TTPs), including their impact on baseline system configurations.
• Demonstrated proficiency providing cybersecurity posture assessments, hygiene reporting, and technical input in support of Governance, Risk, and Compliance (GRC) activities and continuous monitoring programs.
• Experience providing incident response support to network subscribers, including recommending mitigating actions, supporting containment efforts, and facilitating forensic analysis under government oversight.
• Demonstrated expertise in log-based and endpoint-based threat detection, threat hunting, and analysis across multiple threat sources.
• Strong technical knowledge of web services security, Microsoft cloud environments (Azure, M365), and modern enterprise security architectures.
• Advanced experience evaluating the security of complex web portals, APIs, and databases (e.g., Java, Ruby, SQL, Oracle) using commercial and open-source security assessment tools such as SQLmap and mongoaudit.
• Near-expert proficiency in:
• Web application security testing frameworks (e.g., NMAP, W3af)
• Continuous monitoring and remediation tools (e.g., Azure Security Center, Defender for Cloud, Qualys, Wireshark)
• Endpoint Detection and Response (EDR) platforms (e.g., HBSS, SEP, Microsoft Defender)
• Near-expert knowledge of SOC operations, incident handling (IH), incident response (IR), and adversary tactics, techniques, and procedures (TTPs).
• Ability to facilitate adoption of cybersecurity best practices with development, database, and system administration teams through technical expertise and collaborative engagement.

Education, Certifications, Abilities

•         Requires a bachelor’s degree in Cybersecurity, Information Assurance, or Information Security and 7+ years of relevant work experience. Additional experience may be substituted for a degree.
•          Highly Desired Certifications: CISSP, OSCP, GCIH, GPEN, GSEC, GCIA, GCED, GCID, CCSP, GWEB, GSNA, GCWN, GAWN, GSE, GPPN
•          Must be engaging and proactive with critical thinking and problem-solving ability, both independently and as part of a team.
•          Candidate must demonstrate the ability to present ideas and reports clearly in English, both orally and in writing
•          Experience supporting a nationwide mid-sized Federal agency enterprise is a plus.
•          Must obtain agency suitability clearance prior to start date.