Sev1Tech
NOSC Cyber Manager
Sev1Tech, Washington, District of Columbia, us, 20022
Overview/ Job Responsibilities
Sev1Tech is seeking a Network Operations Security Center (NOSC) Cyber Manager, assisting in the monitoring, detection, analysis, mitigation, and response to threats and adversarial activity. The DHS NOSC Lead has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC.
The Monitoring and Analysis team provides 24x7 support across 4 different shifts. We have front half shifts (day and night) and back half shifts (day and night). The front half shift will work 12-hour shifts from Sunday - Tuesday and alternating Wednesdays. The back half shift will work 12-hour shifts from Thursday - Saturday and alternating Wednesdays. Candidates must have the ability to work non-core hours, if necessary.
Duties include network security monitoring and detection, pro-actively searching for threats, inspecting traffic for anomalies and new malware patterns, investigating and analyzing logs, providing analysis and response to alerts, and documenting activity in NOSC investigations and Security Event Notifications (SENs).
Responsibilities include but are not limited to:Supervise and manage a small team of Cyber Network Defense Analysts (CNDAs) within the NOSC in support of the government customerManage and conduct hands-on technical detection, analysis, containment, eradication, and remediation as a member of the Incident Response teamGuide and mentor peers and subordinates to provide cross trainingEnsure accountability and punctuality of security analysts assigned to your shiftCapture cybersecurity metrics that support executive-level briefings (daily, weekly, monthly)Articulate daily challenges to the Government Watch Officer (GWO)Analyze web and host logs for indications of compromiseRe-mediate and coordinate the remediation of infected or compromised devicesEnsure shift continuity during call-outs and emergenciesCompile incident reports, executive summaries, and analysis reports of intrusions and/or security eventsDocument and update processes, workflows, and technical guidesPerform simple firewall rule changes (after training)Minimum Qualifications
A Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field and a minimum of eight (8) years total professional experience in at least two (2) of the areas listed below:
Vulnerability AssessmentIntrusion Prevention and DetectionAccess Control and AuthorizationPolicy EnforcementApplication SecurityProtocol AnalysisFirewall ManagementIncident ResponseEncryptionWeb-FilteringAdvanced Threat ProtectionMilitary experience and training may be considered in lieu of degreeActive advanced cybersecurity certification(s)Experience conducting detailed technical analysis of Cybersecurity Events and IncidentsCandidates should also demonstrate the following:
Extensive knowledge of a SOC's/NOSC's purpose and role within an organizationDetailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc).Expertise with packet analysis tools such as WiresharkAble to perform critical thinking and analysis to investigate cyber security alertsExtensive knowledge of common malware and attack vectorsExtensive experience with Windows operating systems and standard OS loggingExtensive experience with Antivirus, DLP, and host-based firewallsMust have at least one of the following certifications:
Comptia: Security+, Network+, CASPSANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIHEC Council: CEH, CHFI, LPT, ECSAISC2: CCFP, CCSP, CISSP CERT CSIHOffensive Security: OSCP, OSCE, OSWP and OSEEActive Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) Active Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) preferred
This position will typically be located in either Colorado Springs, CO, Stennis, MS, Chandler, AZ, National Capitol Region (NCR) or Remote where applicable. Candidates who meet the minimum qualifications, appropriate clearance level, and are geographically aligned (or the ability to relocate) will be considered first.
Desired Qualifications
Malware reverse-engineering experienceTwo (2 plus) years of experience as an operations/technical lead on similar projectsExperience supporting 24x7 missionsExperience in network and cybersecurity design, engineering and operationsExperience with Service Desk support and operationsExperience with NIST SP 800 series or ISO 27000 series documents for information security management and risk assessmentUnderstanding of DevOps/Agile concepts and processesExtensive KSAs in SOC methodologies and processesExperience with scripting languages (e.g., Python, Powershell, Javascript, VBS etc.)
About Sev1Tech LLC
Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.
Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech
For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com
Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Sev1Tech is seeking a Network Operations Security Center (NOSC) Cyber Manager, assisting in the monitoring, detection, analysis, mitigation, and response to threats and adversarial activity. The DHS NOSC Lead has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC.
The Monitoring and Analysis team provides 24x7 support across 4 different shifts. We have front half shifts (day and night) and back half shifts (day and night). The front half shift will work 12-hour shifts from Sunday - Tuesday and alternating Wednesdays. The back half shift will work 12-hour shifts from Thursday - Saturday and alternating Wednesdays. Candidates must have the ability to work non-core hours, if necessary.
Duties include network security monitoring and detection, pro-actively searching for threats, inspecting traffic for anomalies and new malware patterns, investigating and analyzing logs, providing analysis and response to alerts, and documenting activity in NOSC investigations and Security Event Notifications (SENs).
Responsibilities include but are not limited to:Supervise and manage a small team of Cyber Network Defense Analysts (CNDAs) within the NOSC in support of the government customerManage and conduct hands-on technical detection, analysis, containment, eradication, and remediation as a member of the Incident Response teamGuide and mentor peers and subordinates to provide cross trainingEnsure accountability and punctuality of security analysts assigned to your shiftCapture cybersecurity metrics that support executive-level briefings (daily, weekly, monthly)Articulate daily challenges to the Government Watch Officer (GWO)Analyze web and host logs for indications of compromiseRe-mediate and coordinate the remediation of infected or compromised devicesEnsure shift continuity during call-outs and emergenciesCompile incident reports, executive summaries, and analysis reports of intrusions and/or security eventsDocument and update processes, workflows, and technical guidesPerform simple firewall rule changes (after training)Minimum Qualifications
A Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field and a minimum of eight (8) years total professional experience in at least two (2) of the areas listed below:
Vulnerability AssessmentIntrusion Prevention and DetectionAccess Control and AuthorizationPolicy EnforcementApplication SecurityProtocol AnalysisFirewall ManagementIncident ResponseEncryptionWeb-FilteringAdvanced Threat ProtectionMilitary experience and training may be considered in lieu of degreeActive advanced cybersecurity certification(s)Experience conducting detailed technical analysis of Cybersecurity Events and IncidentsCandidates should also demonstrate the following:
Extensive knowledge of a SOC's/NOSC's purpose and role within an organizationDetailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc).Expertise with packet analysis tools such as WiresharkAble to perform critical thinking and analysis to investigate cyber security alertsExtensive knowledge of common malware and attack vectorsExtensive experience with Windows operating systems and standard OS loggingExtensive experience with Antivirus, DLP, and host-based firewallsMust have at least one of the following certifications:
Comptia: Security+, Network+, CASPSANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIHEC Council: CEH, CHFI, LPT, ECSAISC2: CCFP, CCSP, CISSP CERT CSIHOffensive Security: OSCP, OSCE, OSWP and OSEEActive Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) Active Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) preferred
This position will typically be located in either Colorado Springs, CO, Stennis, MS, Chandler, AZ, National Capitol Region (NCR) or Remote where applicable. Candidates who meet the minimum qualifications, appropriate clearance level, and are geographically aligned (or the ability to relocate) will be considered first.
Desired Qualifications
Malware reverse-engineering experienceTwo (2 plus) years of experience as an operations/technical lead on similar projectsExperience supporting 24x7 missionsExperience in network and cybersecurity design, engineering and operationsExperience with Service Desk support and operationsExperience with NIST SP 800 series or ISO 27000 series documents for information security management and risk assessmentUnderstanding of DevOps/Agile concepts and processesExtensive KSAs in SOC methodologies and processesExperience with scripting languages (e.g., Python, Powershell, Javascript, VBS etc.)
About Sev1Tech LLC
Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.
Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech
For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com
Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.