PCI Federal · 2 weeks ago
Cyber Defense Operations Lead
PCI Federal is seeking a Cyber Defense Operations Lead to provide comprehensive support for cyber defense operations. The role involves administering data solutions, conducting forensic investigations, and producing analysis reports to ensure the security of networks and systems.
Customer Service · Government · Information Services
Responsibilities
Administer Data at Rest solution, analysis reports, forensics investigations, and trend reports
Produce monthly cyber trends analysis report
Wireless scans, analysis, and reporting are required quarterly
Coordinate and track data spills
Analyze impact of cyber warning intelligence and AS&W
Develop tailored countermeasures to address identified threats and prevent or mitigate potential cyber event impacts to DCSA
Update and maintain the SOPs for Security Operations Center (SOC) functions annually
Develop and maintain a dashboard(s) or tracking technology to track the Action Officer, status, and compliance of orders and directives including, but not limited to, Tasking Orders (TASKORDs), Fragmentary Orders (FRAGOs), and Operation Orders (OPORDs) to display on the EC3 SOC video wall
Develop, maintain, and leverage system default dashboard(s) to provide real-time status of CDO monitoring tools and executive-level views for daily and weekly briefs on the EC3 SOC video wall
Develop, maintain, and provide a daily morning brief and an end-of-day brief to provide current cyber security posture, issuance of directives, cyber events, and compliance status
Develop, maintain, and provide a weekly brief that captures all of the cyber events with metrics and trends
Provide trend analysis and reports on CDO activity such as higher echelon Directives, log/monitoring reports from SIEM alerts, incident status, trouble ticket status, and firewall and web proxy metrics (CDRL A00013)
Document and track incidents (currently via SharePoint and OneNote) in accordance with the reporting procedure and archive historical CDO data
Submit and track all service tickets submitted on behalf of CDO internally and to external organizations
Obtain and maintain accounts from external DOD agencies on NIPRNET, SIPRNET, and JWICS in order to receive reports from multiple sources to incorporate into CDO briefs and distribute to stakeholders
Maintain situational awareness on cyber incidents and activity with the appropriate DOD partners (e.g., CSSP, USCYBERCOM, NSA, etc.) via various tools and reporting mechanisms (e.g., NTOC, CENTAUR, CMRS, JIMS, Acropolis) on all enclaves (NIPRNET, SIPRNET, and JWICS)
Review and determine if external reports, orders, and directives are applicable to DCSA enclaves and execute response actions as required
Track and coordinate all tasks, cyber events, external assessments, tickets, and all other applicable actions with the agency’s Cyber Security Service Provider
Research, identify, and verify new Advanced Persistent Threat Tactics, Techniques, and Procedures (TTP) from commercial and Government sources and provide recommendations in order to strengthen the overall DCSA cyber security posture
Develop, update, and manage the existing DCSA CDO collaborative SharePoint site and coordinate operations, maintain libraries, briefs, and training
Provide existing weekly, monthly, and ad-hoc reports as required
Provide weekly status reports on all relevant events affecting DCSA networks
Configure and administer the SIEM (Splunk); provide advanced expertise to maximize the capabilities of the SIEM through monitoring the health of SIEM connections, data feeds, and storage capacities for audit purposes
Provide detection methods and relevant log analysis for abnormalities, attacker patterns, and behaviors
Furnish methods of collection, logging, filtering, and tuning of baselining data
Design and configure data alerting and summarization within SIEM and implement meaningful dashboards and reports
Collect and keep audit data to support technical analysis relating to misuse, penetration, or other incidents involving IT under DCSA purview
Document the technical details of suspected network incidents to support incident response and reporting requirements
Provide Impact Reports on all incidents, followed by an After Action Report (CDRLs A00018 and A00019)
Analyze impact of firewall configurations
Analyze data logs to include but not limited to servers, end point security, firewalls, web proxy, and infrastructure devices
Identify violations of internet access by reviewing web content filtering logs in accordance with DCSA policy, DoD policy, and CDO SOPs
Develop and maintain SOPs for cyber analysis
Perform trend analysis of cyber events to identify potential problem areas
Make recommendations for systemic, policy or procedural changes in order to mitigate specific risks
Support cyber reporting on all cyber events
Analyze ESS data to determine potential threats
Analyze ESS data to determine unauthorized systems
Analyze ESS data to determine infected systems
Analyze ESS data to identify systems with unauthorized software and hardware
Analyze ESS data to determine unauthorized system changes
Develop and maintain SOP for ESS Continuous Monitoring
Develop and maintain forensic SOPs for conducting forensic investigations in accordance with DoD and DCSA directives and legal requirements
Conduct computer forensic analysis with current software, tools, and systems in accordance with applicable DoD directives and CJCM 6510
Acquire and preserve a forensic image of data from system hard disk drives, and volatile memory to include but not limited to documents, images, email, webmail, Internet artifacts, web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, system files, executables, scripts, on workstations, laptops, servers, VDIs, external mass storage, and smartphones and tablets
Create a forensic exact binary duplicate of the original system or media utilizing EnCase Forensic (or similar) tool
Daily, review user activity discovered by CDO network monitoring tools
Develop lists of indicators and triggers of insider threat activity
Develop and maintain SOPs and guides outlining the thresholds for referrals to DCSA Insider Threat Working Group
Analyze user activity data from CDO tools to determine which indicators or triggers can be applied
Determine thresholds for user activity that would require referral to DCSA Insider Threat Working Group
Analyze user activity data from CDO tools to determine if thresholds for user activity have been met that would require further investigation
Create SOPs and guides for intrusion assessments
Perform trend analysis of intrusion assessments and report results to identify potential problem areas
Make recommendations for systemic, policy or procedural changes in order to mitigate vulnerabilities found
Execute Intrusion Assessment Plan as required
Execute Threat Hunting activities
Collaborate with Counter Intelligence organization to compile cyber Threat Intelligence
Qualifications
Required
Bachelor's degree from an accredited university/college
Must have and maintain an active DoD Top Secret/SCI level clearance
Minimum 7 years of experience in a similar role
Required to meet DoDM 8140/DoDM 8570.01-M IAT Level III requirements prior to onboarding
Preferred
CSSP-Manager is preferred
Forensics - additional certification: EnCase Certified Examiner (Preferred); shall have at minimum the Forescout administrator certification at time of award
Company
PCI Federal
Ecke Holding Company LLC, doing business as Poarch Creek Indians Federal (PCIF), was formed under the Poarch Band of Creek Indians Tribe to provide high quality products and services to Federal customers.