Security Operation Center; SOC Lead

Description

Security Operations Center (SOC) Lead - "W-TRS" Orlando, Florida

Working across the globe, V2X builds smart solutions designed to integrate physical and digital infrastructure from base to battlefield. We bring 120 years of successful mission support to improve security, streamline logistics, and enhance readiness. Aligned around a shared purpose, our $3.9B company and 16,000 people work alongside our clients, here and abroad, to tackle their most complex challenges with integrity, respect, responsibility, and professionalism.

Responsible for overseeing cybersecurity operations, incident response, and defensive cyber measures for centralized and geographically disbursed locations in support of Warfighter Training Readiness Solutions (W-TRS) program, U.S. Army PEO STRI. Oversee day-to-day activities, ensuring 24/7 monitoring and response to cyber threats. Supervise and lead SOC analysts, ensuring adherence to best practices and operational procedures. Implements proactive defense strategies. Enforces compliance & reporting, ensure compliance with DoD cybersecurity policies and generate reports for FISMA, Con Mon, and security incidents.

Tool maintenance and implementation, ensure enterprise toolsets are functioning, while driving adoption of new cybersecurity tools and automation to enhance efficiency to overall security posture.

Bachelor's degree in Cybersecurity and Information Assurance;
Advanced degree(s) preferred.

Years

Experience:

(8+MA/MS or 8+BA/BS)

8140/8570 DoD Certification;
Foundation-Advance / Information Assurance Technician (IAT-III) w/ CSSP Incident Responder certifications

• Brings hands-on experience in cybersecurity operations (including protection, detection, response, and sustainment)
• Possesses extensive technical expertise in current cybersecurity technologies and emerging innovations.
• Demonstrates comprehensive knowledge of the lifecycle of cybersecurity threats with development of associated tactics, techniques, and procedures (TTPs).
• Knowledge in planning, directing, and managing Security Operations Center (SOC) operations in an organization in a large, complex environment.
• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.

• Support the implementation of, to include the production of documentation and associated artifacts with the implementation of, Cybersecurity requirements as identified in DoDI , and AR 25-2 based upon Risk Management Framework (RMF)
• Ensure all sites execute monthly continuous monitoring and compliance testing to validate the current configurations, against the documented security configuration baseline, and report compliance.
• Ensure SOC provides 24 hours a day monitoring for training rotations and exercises for remote sites.
• Ensure that SOC verifies all assets have a representative security configuration baseline documented in Defense Information Systems Agency (DISA) STIG checklist and Plan of Action and Milestones (POA&M) form.
• Direct patching and IA Vulnerability Alert (IAVA) for supported baselines
• Standardizes analysis and correlation of audit records using the Security Incident & Event Management (SIEM) tools across different repositories, to include backups.
• Enforcement of enterprise monitoring and controls communications at the external boundary for all sites and at key internal boundaries within the sites.
• Enforcement of enterprise monitoring, and controls for unauthorized software, to include mobile code through the continuous monitor process.
• Enforcement of all enterprise end point security software update at appropriate schedule within operational schedule.
• Ensure communication between remote sites with local cybersecurity governance personnel in accordance with the Incident Response Plan and security documentation.
• Ensure all sites are performing functional and security testing in support of Assessment and Authorization (A&A) activities.
• Ensure all sites configure and enable security features
• Enterprise Account management / IAM
• Support annual FISMA requirement for all sites, to support auditors with actual and historical data from SOC.

4+ years of supervising and/or managing teams

5+ years of Incident handling experience

Experience working with DoD / U.S. Army / Federal Government

Experience with software/tools:
Assured Compliance Assessment Solution (ACAS), Splunk, Endpoint Security Solution (ESS), Cisco Adaptive Security Appliance (ASA) Firewalls and Firepower IPS, SRGs, STIGS, DISA STIG Viewer, SCC/SCAP, Evaluate STIG

Experience as a Cyber Engineer

Must be a US Citizen with a DoD SECRET Clearance

N/A

Light Work. Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires greater exertion of forces than for sedentary work…