22 Nov
Intrusion Detection Team Shift Lead
District of Columbia, Washington, 56901 Washington USA

Vacancy expired!

Job Description Summary

This position is contingent upon award.

The Intrusion Detection Team Shift Lead has the primary responsibility of managing a SOC team that aggressively monitors and responds to alerts triggered in the Security Information and Event Management (SIEM) tool or to requests for assistance from customers. The Lead works with the team to use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard the customers' systems. The Lead ensures all incidents are documented and creates a clear narrative that supports their conclusions. The Lead manages the Analysts as tier 1 support and escalates all events to tier 2 for review before completing event notation, to assure correctness in reviews. All events that require higher handling will be immediately escalated to the Shift Team Lead.

General Experience:

Five years of network intrusion detection experience. The Intrusion Detection Team Shift Lead must have the ability to:
- Lead a team
- Manage personnel
- Investigate and evaluate network traffic
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Apply techniques for detecting host- and network-based intrusions using intrusion detection technologies
- Read and interpret logs and sniffer packet captures (e.g., Wireshark)
- Analyze data from a variety of sources over time and create a logical narrative of observed behavior
- Communicate clearly both orally and in writing

Specialized Experience:

The Intrusion Detection Team Shift Lead will have at least five years of experience performing intrusion detection analytics, examining logs and console events, in the following areas: Splunk, examining Snort-based IDS events, pcaps, web server log review, and working in a SIEM environment.

Experience to include:
- Developing and deploying signatures
- Detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- Using protocol analyzers
- Collecting data from a variety of cyber defense resources
- Recognizing and categorizing types of vulnerabilities and associated attacks
- Reading and interpreting signatures (e.g., Snort)
- Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Performing packet-level analysis
- Recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning)
- Conducting trend analysis
- Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Education Requirements:
- Bachelor's degree or equivalent
- CISSP preferred (minimum is Security+ certification)
- 5+ years of experience

Essential Duties and Responsibilities:
- Part of the rotational 24x7 operations of the SOC.
- Manage, implement and monitor the strategic security monitoring and operation program to ensure the confidentiality, integrity, and availability of information owned, controlled or processed by the organization.
- Understand a variety of network protocols including TCP/IP, UDP, DHCP, FTP, SFTP, ATM, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP, and HTTPS.
- Operate SIEM (Trustwave) consoles in order to monitor the environment for events of interest.
- Perform analysis of security logs in an attempt to detect unauthorized access.
- Use vulnerability assessment data to pinpoint potential points of attack.
- Document and contain security incidents detected on the network.
- Execute the incident response process when a security incident has been declared.
- Participate in the creation, modification and maintenance of all SOC policies and procedures.
- Travel required up to 15% of the time.
- Other duties as assigned by management.

Minimum Requirements:
- Typically requires a minimum of 5 years of related experience with a Bachelor's degree; or 3 years and a Master's degree; or a PhD without experience; or equivalent work experience.
- Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors.
- Demonstrates good judgement in selecting methods and techniques for obtaining solutions.
- Networks with senior internal and external personnel in own area of expertise.

A committed and diverse workforce is our most important resource. MAXIMUS is an Affirmative Action/Equal Opportunity Employer. MAXIMUS provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.
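The posting asks for someone who can read Snort IDS events and web server logs and turn them into a logical narrative of observed behavior. The script below is an added example of that core task, not code from the posting or from MAXIMUS: it parses Snort alert_fast lines and Apache/nginx combined-format access log lines, groups them by source IP, and orders them into one timeline with summary figures an analyst would put at the top of an incident note. All log lines are constructed; the signature IDs are in the local (1000000+) range rather than any published rule set; the year (absent from Snort's fast format) and the sensor clock being UTC are assumptions.

```python
"""Correlate Snort alert_fast events with web access-log lines by source IP
and order them into a single timeline. Added example with constructed data."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed Snort alert_fast lines (assumed UTC sensor clock). Local SIDs only.
# The last line is deliberately malformed to show that parsing is strict.
SNORT_ALERTS = """\
03/14-10:02:17.120345  [**] [1:1000002:1] LOCAL WEB cgi-bin id request [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 203.0.113.5:44112 -> 198.51.100.10:80
03/14-10:01:55.004112  [**] [1:1000001:1] LOCAL WEB scanner user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44100 -> 198.51.100.10:80
03/14-10:05:41.887001  [**] [1:1000003:2] LOCAL SCAN inbound to MSSQL 1433 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.77:51234 -> 198.51.100.20:1433
this line is not a valid alert and is skipped
"""

# Constructed Apache/nginx combined-format access log lines.
ACCESS_LOG = """\
203.0.113.5 - - [14/Mar/2024:10:01:55 +0000] "GET / HTTP/1.1" 200 612 "-" "Nikto/2.1.6"
203.0.113.5 - - [14/Mar/2024:10:02:17 +0000] "GET /cgi-bin/id HTTP/1.1" 200 31 "-" "Nikto/2.1.6"
198.51.100.33 - - [14/Mar/2024:10:03:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_snort_fast(line, year=2024):
    """Parse one alert_fast line; returns None for lines that do not match."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    # alert_fast carries no year, so the caller supplies it (assumption).
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"ts": ts, "kind": "ids", "src": m["src"], "dst": m["dst"],
            "dport": m["dport"], "sid": m["sid"], "priority": int(m["prio"]),
            "text": f"{m['msg']} ({m['gid']}:{m['sid']}:{m['rev']}, priority {m['prio']})"}


def parse_access_log(line):
    """Parse one combined-format access log line; returns None on no match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    # Normalise the zone-aware web timestamp to naive UTC so it sorts against
    # the (assumed UTC) Snort timestamps.
    ts = (datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
          .astimezone(timezone.utc).replace(tzinfo=None))
    return {"ts": ts, "kind": "web", "src": m["src"], "status": int(m["status"]),
            "text": f"{m['method']} {m['path']} -> {m['status']} ua={m['ua'] or '-'}"}


def build_narrative(snort_text, access_text, year=2024):
    """Group parsed events by source IP; each list is ordered by timestamp."""
    by_src = defaultdict(list)
    for line in snort_text.splitlines():
        ev = parse_snort_fast(line, year)
        if ev:
            by_src[ev["src"]].append(ev)
    for line in access_text.splitlines():
        ev = parse_access_log(line)
        if ev:
            by_src[ev["src"]].append(ev)
    for events in by_src.values():
        events.sort(key=lambda e: (e["ts"], e["kind"]))
    return dict(by_src)


def summarize(events):
    """Figures an analyst would put at the top of an incident note."""
    ids = [e for e in events if e["kind"] == "ids"]
    web = [e for e in events if e["kind"] == "web"]
    return {
        "first_seen": events[0]["ts"], "last_seen": events[-1]["ts"],
        "alerts": len(ids), "requests": len(web),
        "sids": sorted({e["sid"] for e in ids}),
        # Snort priority 1 is the most severe, so the worst is the minimum.
        "worst_priority": min((e["priority"] for e in ids), default=None),
    }


def render(src, events):
    """One timeline line per event, the narrative block for the incident record."""
    lines = [f"Timeline for {src}:"]
    for e in events:
        lines.append(f"  {e['ts'].isoformat(sep=' ')} [{e['kind']}] {e['text']}")
    return "\n".join(lines)


if __name__ == "__main__":
    narrative = build_narrative(SNORT_ALERTS, ACCESS_LOG)
    for src, events in sorted(narrative.items()):
        print(render(src, events))
        print("  summary:", summarize(events))
```

Keying on the source IP is what lets the two tier-1 questions ("did the scanner alert line up with real requests?" and "did those requests succeed?") be answered from one ordered list; in production the same structure would be fed from Splunk searches rather than inline strings, and the assumed year and UTC clock would come from the sensor configuration.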