07 Jan
7009- SOC Manager/ Senior Incident Response Forensic an
Seaside, California 93955, USA


Alliant Information Technologies, Inc., a subsidiary of IndraSoft, Inc., is seeking a highly qualified SOC Manager/Senior Incident Responder candidate with a Top Secret clearance to support our DoD client located in Seaside, CA. The selected candidate will be a highly motivated individual who works well as part of a multi-disciplinary team. The candidate will oversee the Security Operations Center (SOC), which includes ArcSight and Incident Response, and serve as the Lead Incident Responder.

Required Clearance:
  • Active Top Secret clearance with T5/SSBI background investigation

Required Education, Experience, and DoD Cybersecurity Workforce Compliance:
  • Bachelor's degree in computer science, information technology, network technology, network administration, cybersecurity, information security, or a similar discipline AND 5+ years of incident response experience, including 1 year as an Incident Response Lead or Manager, preferably in support of the DoD or other federal clients
  • For the exceptional candidate, an additional 4 years of military or professional cybersecurity experience will be considered in lieu of a Bachelor's degree
  • Active DoD 8570 CSSP Incident Responder certification for compliance, including at least one of the following certifications in good standing: CEH, CySA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SYCYBER
  • Active DoD 8570 IAT Level II or III certification, including at least one of the following certifications in good standing: Security+, CySA+, CISSP, CASP+, CCNA Security, GICSP, GSEC, CND, SSCP, GCED, GCIH

Required Qualifications:
  • Experience conducting Incident Responder activities in a DoD enterprise environment (1000+ servers and 1500+ workstations)
  • Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST and CJCSM 6510 policy and procedures
  • Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
  • Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
  • Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
  • Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
  • Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response
  • Must have the ability to maintain an active Top Secret clearance

Desired Qualifications:
  • Leadership experience with direct reports in a cyber environment
  • Experience in a DoD enterprise environment (1500+ servers and 2500+ workstations)
  • Knowledge of CJCSM 6510 policy and procedures
  • Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
  • Experience with ServiceNow or similar service management/ticketing systems
  • Ability to prioritize workload and competing demands
  • Database security management with experience detecting and preventing SQL injection and other threats, and preferred certifications such as the Oracle Database Security Expert
  • Experience utilizing DoD tools, including the Assured Compliance Assessment Solution (ACAS) vulnerability scanner, host-based security system (HBSS), and McAfee ePolicy Orchestrator (ePO)

Technologies Desired:
  • Experience applying troubleshooting techniques across various server, application, and network technologies including:
    • Operating systems Windows, RHEL and relevant DoD STIGs
    • Networking knowledge TCP/IP, inspection tools, and network devices
    • ArcSight, FireSIGHT
    • DoD tools - vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
    • Wireshark
    • EnCase

Job Description: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The key responsibilities listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Primary focus will be on the containment, restoration, investigation, and reporting of activities related to computer security incidents.

Key Responsibilities:
  • Serve as the Security Operations Center (SOC) Manager and Senior Incident Responder
  • Serve as the IndraSoft/AIT Line Manager, providing managerial support including but not limited to timesheet reviews, performance reviews, employee engagement, and management presentations
  • Provide technical/functional guidance spanning all SOC tools used to investigate suspicious and potentially malicious activity within the network and systems
  • SOC
    • Manage the daily activities across a small SOC
    • Foster a culture of process improvement, critical thinking, adaptability, and a positive can-do attitude
    • Champion and develop a plan for the expansion of the SOC with the DoD Customer
  • Incident Response
    • Support all aspects of Computer Security Incident Response activities for a large enterprise, including coordination with other government agencies and reporting of incidents
    • Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
    • Conduct highly technical examinations, analysis and reporting of computer based evidence related to security incidents (intrusion artifacts/IOCs) or investigations, leveraging all cybertools
    • Reconstruct events from network, endpoint, and log data
    • Support vulnerability and penetration testing
    • Ensure the secure handling of digital evidence and matter confidentiality.
    • Identify recurring incidents within a customer's environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues
    • Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
    • Assist with implementation of countermeasures or mitigating controls as needed
    • Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
    • Recommend changes or improvements to the incident management system
  • Customer Engagement
    • Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
    • Communicate effectively and articulate the identified issues and resolution steps to bring the customer's incident to a resolved state
  • Audits
    • Participate in external and internal audits and assessments
    • Support external Pen Testing teams
  • Documentation
    • Close incidents and prepare incident reports of analysis methodology and results.
    • Be responsible for quality control of incident reports
    • Support workflow development in the ServiceNow Incident Response Module
    • Develop security policies and procedures
    • Develop and maintain Incident Response Plan and Testing
    • Track, measure and evaluate Incident Response compliance across the enterprise
    • Prepare and present weekly presentation status slides
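The incident response duties above (reconstructing events from network, endpoint, and log data, and recognizing successful versus unsuccessful intrusion attempts) are the kind of work a senior responder automates during triage. The following is an added example, not code from the posting or from Alliant/IndraSoft, and it does not use ArcSight's native CEF format: it assumes a simplified forwarder format for Windows Security events (4625 failed logon, 4624 successful logon) and a proxy log in local time, normalizes both to UTC, merges them into one timeline, and flags a burst of failed logons followed by a success from the same source, then pulls the host's outbound proxy activity immediately after that logon. All log lines and field names are constructed for the example.

```python
"""Added example (not from the posting): merge constructed endpoint and network
log lines into one UTC timeline, flag a brute-force pattern that ends in a
successful logon, and pull the follow-on network activity for that host."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data. The Windows lines use an assumed simplified
# forwarder format ("ts EventID=... TargetUser=... SrcIP=..."), not CEF.
WINDOWS_EVENTS = """\
2024-01-07T14:02:11Z EventID=4625 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T14:02:14Z EventID=4625 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T14:02:17Z EventID=4625 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T14:02:20Z EventID=4625 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T14:02:23Z EventID=4625 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T14:02:40Z EventID=4624 TargetUser=jdoe SrcIP=10.9.8.7
2024-01-07T15:10:05Z EventID=4625 TargetUser=asmith SrcIP=10.1.2.3
2024-01-07T15:30:00Z EventID=4624 TargetUser=asmith SrcIP=10.1.2.3
"""

# Constructed proxy log, stamped in local time (UTC-5) as many appliances do.
PROXY_EVENTS = """\
2024-01-07 09:03:02 -0500 10.9.8.7 203.0.113.10 http://203.0.113.10/update.bin
"""

WIN_RE = re.compile(r"^(\S+) EventID=(\d+) TargetUser=(\S+) SrcIP=(\S+)$")
PROXY_RE = re.compile(r"^(\S+ \S+ [+-]\d{4}) (\S+) (\S+) (\S+)$")


def parse_windows(text):
    """Parse the assumed Windows forwarder format; timestamps are already UTC."""
    events = []
    for line in text.splitlines():
        m = WIN_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected shape
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts.replace(tzinfo=timezone.utc), "source": "windows",
                       "event_id": int(m.group(2)), "user": m.group(3),
                       "src_ip": m.group(4)})
    return events


def parse_proxy(text):
    """Parse proxy lines and convert their local-time stamps to UTC."""
    events = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S %z")
        events.append({"ts": ts.astimezone(timezone.utc), "source": "proxy",
                       "event_id": None, "user": None, "src_ip": m.group(2),
                       "dst_ip": m.group(3), "url": m.group(4)})
    return events


def build_timeline(*event_lists):
    """Merge any number of parsed event lists into one chronologically sorted list."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])


def find_bruteforce_success(timeline, threshold=5, window=timedelta(minutes=5)):
    """Flag each 4624 preceded within `window` by >= threshold 4625s from the same source IP."""
    failures = defaultdict(list)
    findings = []
    for e in timeline:
        if e["source"] != "windows":
            continue
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append(e["ts"])
        elif e["event_id"] == 4624:
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"src_ip": e["src_ip"], "user": e["user"],
                                 "failures": len(recent), "success_at": e["ts"]})
    return findings


def followup_network(timeline, finding, window=timedelta(minutes=10)):
    """Proxy events from the flagged source IP within `window` after the successful logon."""
    start, end = finding["success_at"], finding["success_at"] + window
    return [e for e in timeline if e["source"] == "proxy"
            and e["src_ip"] == finding["src_ip"] and start <= e["ts"] <= end]


if __name__ == "__main__":
    tl = build_timeline(parse_windows(WINDOWS_EVENTS), parse_proxy(PROXY_EVENTS))
    for e in tl:
        print(e["ts"].isoformat(), e["source"], e.get("event_id") or e.get("url"), e["src_ip"])
    for f in find_bruteforce_success(tl):
        print("FINDING:", f, "followed by", followup_network(tl, f))
```

The asmith logon is not flagged because a single failure twenty minutes before a success is normal user behaviour; the threshold and window are the tunable parameters a responder adjusts per environment. Normalizing every source to UTC before sorting is the step most often skipped in ad hoc timelines, and it is what makes the proxy fetch line up correctly 22 seconds after the suspicious logon.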
The candidate may also provide general technical cybersecurity support in the areas of vulnerability assessment, risk assessment, network security, and security implementation. Additional general duties include implementation and support for protecting the confidentiality, integrity, and availability of sensitive information; providing input into the design of IS contingency plans; and conducting testing and audit log reviews to evaluate the effectiveness of current security measures.

Physical Demands: While performing the duties of the job, the successful candidate will be exposed to the normal demands of an office environment, including: sitting and working on a computer for long continuous periods each day; effective communication by telephone, email, and face-to-face; standing, walking, sitting, handling and feeling objects or controls, reaching, talking, and hearing; lifting and/or moving up to 20 pounds; and specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
