Monitoring and Analysis Deputy Lead

Base One Technologies

Top Secret
Mid Level Career (5+ yrs experience)
Occasional travel
IT - Security
Washington, DC (Off-Site/Hybrid)

Required Education/Experience
Bachelor's degree in STEM, Cyber Security, or a related field with 3 years of professional experience, or 5 years' experience without a degree

Primary Responsibilities
Onboarding Optimization:
  • Lead efforts to reduce onboarding time through continuous observation and assessment of operations and administrative processes.
  • Implement process improvements to enhance efficiency and reduce unnecessary effort, leveraging process improvement methodologies, e.g. Lean Six Sigma.
Process Improvement:
  • Continuously review and refine Standard Operating Procedures (SOPs) and workflows to ensure they are modern, efficient, and aligned with current needs.
  • Collaborate with the SOAR team and other special teams to enhance automation and workflow capabilities.
Customer Service Enhancement:
  • Provide superior customer service to the Department of Homeland Security (DHS) by accurately identifying and addressing ad hoc requests from federal leadership.
  • Act as a point of contact for high-level leaders and leads on the federal side to ensure clear communication and understanding of requirements.
Training and Tools Management:
  • Oversee and maintain compliance with required training programs, including on-the-job cybersecurity training and DHS-mandated e-learning courses.
  • Manage and maintain access to cybersecurity tools, ensuring all team members have the necessary permissions to perform their roles effectively.
  • Provide training on the use of various cybersecurity tools to team members, enhancing their capability to use the tools efficiently.
Shift Liaison and Task Management:
  • Ensure that all shifts (Front Days, Back Days, Front Nights, Back Nights) do not miss important emails or tasks, maintaining consistency in task completion.
  • Monitor and follow up on requests to ensure they are addressed and not overlooked, closing gaps in previous processes.
Quality Assurance and Content Improvement:
  • Perform quality assurance checks on Splunk comment closures, Splunk investigations, and cybersecurity investigations (ECMs).
  • Conduct quality checks on EBMs or proxy and firewall blocks submitted within the network.
  • Review trends and data to develop better content for Splunk alerting and monitoring.
  • Continuously work to improve the accuracy and efficiency of monitoring content by analyzing investigation trends.
Process and Workflow Enhancement:
  • Collaborate with the federal cybersecurity leads to reduce waste and improve meaningful cybersecurity processes.
  • Engage with various teams to explore new methods to improve the work environment and cybersecurity services, including liaising with SOAR engineers and other special teams.
Tools and Service Evaluation:
  • Test and evaluate new tools and services requested by the customer in a testing or development environment, providing critical feedback and analysis before enterprise-wide acquisition.

Basic Qualifications
• All NOSC Team Lead candidates shall have a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field AND a minimum of four (4) years total professional experience in at least two of the areas listed below:
• Vulnerability Assessment
• Intrusion Prevention and Detection
• Access Control and Authorization
• Policy Enforcement
• Application Security
• Protocol Analysis
• Firewall Management
• Incident Response
• Encryption
• Web-Filtering
• Advanced Threat Protection
• Military experience and training may be considered in lieu of degree
• Active advanced cybersecurity certification(s)
• Experience conducting detailed technical analysis of Cybersecurity Events and Incidents
• Must have current TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
• Must have one of the following certifications: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP

Candidates should also demonstrate the following:
• Extensive knowledge of a SOC’s/NOSC’s purpose and role within an organization
• Detailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.)
• Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc.)
• Expertise with packet analysis tools such as Wireshark
• Able to apply critical thinking and analysis to investigate cybersecurity alerts
• Extensive knowledge of common malware and attack vectors
• Extensive experience with Windows operating systems and standard OS logging
• Extensive experience with Antivirus, DLP, and host-based firewalls

Required Certifications
CCNA Security
CCNP Security
CCSP – Certified Cloud Security Professional
CEH – Certified Ethical Hacker
CISSP – Certified Information Systems Security
CNDA – Certified Network Defense Architect
Cyber Analyst Course (DCITA)
ECES – EC-Council Certified Encryption Specialist
ECSA – EC-Council Certified Security Analyst
ECSP – EC-Council Certified Secure Programmer
ECSS – EC-Council Certified Security Specialist
ENSA – EC-Council Network Security Administrator
GCIA – Intrusion Analyst
GISF – Security Fundamentals
GMON – Continuous Monitoring Certification
GNFA – Network Forensic Analyst
GPPA – Perimeter Protection Analyst
GREM – Reverse Engineering Malware
GWEB – Web Application Defender
GXPN – Exploit Researcher and Advanced Penetration Tester
LPT – Licensed Penetration Tester
OSCE (Certified Expert)
OSCP (Certified Professional)
OSEE (Exploitation Expert)
OSWP (Wireless Professional)
SEI (Software Engineering Institute)
CompTIA Cyber Security Analyst (CySA+)
CompTIA Linux Network Professional (CLNP)
CompTIA Server+
Splunk Core Certified Advanced Power User
Splunk Core Certified Consultant
Splunk SOAR Certified Automation Developer
GICSP – Cyber Security Professional
GSEC – Security Essentials
CompTIA Security+ CE
Certified Network Defender (CND)
ISC2 Systems Security Certified Practitioner (SSCP)

Preferred Qualifications
• Expertise in Lean Six Sigma, e.g. Black Belt or Green Belt
• Familiarity with other continuous improvement methodologies, e.g. Theory of Constraints
• Strong analytical skills with the ability to perform quality assurance and content improvement
• Demonstrated ability to liaise between multiple teams and organizational levels
• Excellent communication skills, both written and verbal, with the ability to interact effectively with federal leadership and team members across all shifts