Job FunctionsSOC ChiefMonitoring and Analysis Support Team LeaderIncident Response CommanderInformation Security GAP Analysis ReviewerThreat Hunting and Forensics Specialist
Job RequirementsBachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Technologies, or other related fields7+ years of experience in SOC operations and incident response including SOC management and an IR commander roleExperience with Cyber Threats, Cyber Threat Intelligence, Insider Threat Hunting, Threat Hunting and Forensics, & Incident Assessment and Response
SkillsCertified Information Systems Security Professional (CISSP)GIAC Incident Response CertificationMicrosoft Certified Security Operations Analyst AssociateCore competencies in leading Information Security GAP Analysis reviewKnowledge, skills, tasks, and capabilities described in the NICE Work Roles for Incident Response (PD-WRL-003), Insider Threat Analysis (PD-WRL-005), and Threat Analysis (PD-WRL-006) as outlined in the NICE Work Role FrameworkExperience with Cyber Threats, Cyber Threat Intelligence, Insider Threat Hunting, Threat Hunting and Forensics, & Incident Assessment and ResponseStrong leadership skills to manage a team of cybersecurity professionalsExcellent communication skills to effectively communicate with stakeholders at all levelsAbility to work under pressure and make quick decisions in high-pressure situationsStrong analytical skills to identify and investigate unusual activities highlighted by security apparatus or reported by external sourcesAttention to detail to maintain intrusion detection sensors and software and deliver formal reports
cFocus Software seeks a SOC Chief to join our program supporting the Federal Communications Commission (FCC). This position is on-site in Washington, DC.
Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Technologies, or other related fields
- Certified Information Systems Security Professional (CISSP).
- GIAC Incident Response Certification. and
- Microsoft Certified Security Operations Analyst Associate
- 7+ years of experience in SOC operations and incident response including SOC management and an IR commander role
- Core competencies in leading Information Security GAP Analysis review. and cyber security operations and incident response
- Possess the knowledge, skills, tasks, and capabilities described in the NICE Work Roles for Incident Response (PD-WRL-003), Insider Threat Analysis (PD-WRL-005), and Threat Analysis (PD-WRL-006) as outlined in the NICE Work Role Framework
- 7+ years of experience with Cyber Threats, Cyber Threat Intelligence, Insider Threat Hunting, Threat Hunting and Forensics, & Incident Assessment and Response
Duties:
- Establish a Monitoring and Analysis support team (the SOC at FCC) dedicated to systematically assessing Cybersecurity information sourced from sensors, analytical systems, and various cybersecurity tools.
- Identify and investigate any unusual activities highlighted by security apparatus or reported by external sources, FCC units, administrators, or users via various channels.
- Evaluate, implement, and maintain intrusion detection sensors and software and deliver informal reports and Technical Evaluation Reports (TER) resulting from their assessments.
- Proactively monitor, detect, analyze, respond to, and report cybersecurity events in compliance with Federal requirements
- Receive automated, user-reported, and externally reported alerts of suspicious activity
- Continuously monitor all IT systems and assets
- Investigate alerts and triage incidents, analyze root causes, and respond to minimize damage and recover from cyber incidents.
- Monitor system status, escalate potential incidents, and manage incident cases and tickets.
- Assess risks for High Assurance Gateway access and Web Access Requests
- Analyze reports, apply antivirus, intrusion detection, DMA, and perform vulnerability assessments
- Author custom detection content, tune SIEM and IDS/IPS events, maintain SIEM content, and perform program reviews
- Evaluate hardware/software, improve processes, manage data, coordinate incident reporting
- Provide Tier 1 to 3 cybersecurity analysis, 24/7/365 monitoring, and incident response
- Document events and actions, including SOC activities, IR metrics, and reports
- Maintain a Cyber Defense Playbook and a SOC Communication Plan, updating as needed
