Deputy Cyber Incident Response Team (CIRT) Manager

Deputy Cyber Incident Response Team (CIRT) Manager

The Deputy Cyber Incident Response Team (CIRT) Manager ensures exceptional service for managed services customers and helps drive employee engagement for CIRT staff members. They will help coordinate the daily activities of CIRT staff; orient, train, and mentor staff; monitor incident management queues; address client escalation issues; and interface with clients as needed. The CIRT Deputy Manager is expected to be process-oriented and accountable for the overall success of the CIRT's Cyber Defense Mission.

This position requires a minimum of a USG Top Secret Security Clearance

Responsibilities Include:

• Support managing CIRT team consisting of up to 30 cyber defense analysts providing cyber detection, incident response, and recovery coordination services to the customer. • Provide leadership and guidance to the incident response team members, fostering a collaborative and cohesive working environment. Aid in prioritizing tasks and assigning responsibilities during incident response efforts.
• Serve as a subject matter expert in identifying cyber threat events and incident response. Provide input on process improvements and contribute to the technology roadmap for the strategic plan.
• Manage and coordinate the organization's incident response activities, including detection, analysis, containment, eradication, and recovery efforts for security incidents.
• Develop and maintain incident response plans, playbooks, and procedures tailored to the organization's needs. Ensure that response plans are regularly reviewed, updated, and tested.
• Ensure thorough documentation of security incidents, including incident timelines, actions taken, and lessons learned. Prepare incident reports and post-incident reviews to identify areas for improvement and implement corrective measures.
• Field escalated customer issues and resolve or refer to specialized experts as needed
• Identify both tactical and strategic solutions to contain incidents.
• Develop and refine processes, procedures, and techniques used by the team to continually improve the incident response efforts.
• Perform metrics trend analysis and reporting; guide resultant process improvement.
• Communicate policies, expectations, and feedback to CIRT staff
• Facilitate a high-performance team environment and employee engagement
• Guide and coordinate projects requiring scheduling.
• Contribute to developing, communicating, and implementing policies, procedures, best practices, recommendations, and guidelines for standards.
• Train, mentor, and develop a talented group of security operations and incident response professionals. Conduct individual meetings with team members to address performance, and training needs, set expectations, and facilitate a 2-way dialogue regarding the team members' experience.
• Other duties as assigned and required.

Required Skills:

• Must be a U.S. Citizen
• This position requires an active/current Top-Secret security clearance with SCI eligibility.
• Must be able to obtain DHS suitability before starting employment.
• 10+ years of directly relevant experience
• Computer Emergency Response Team (CERT/CIRT) hands-on experience
• Current experience with network intrusion detection and response operations (Protect, Defend, Respond, and Sustain procedures)
• Hands-on experience in the detection, response, mitigation, and/or reporting of cyber-attacks affecting client networks
• Computer network surveillance/monitoring
• Current incident response experience using Splunk
• Current experience with AWS/Azure security solutions and cloud security investigations
• Previous security investigation experience (OS Forensics, Network Forensics, Web Application Forensics, Cloud Forensics, etc.)
• Experience as a Linux/Windows/Network administrator
• Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
• Familiar with System log analysis, computer evidence seizure, computer forensic analysis, and data recovery
• Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
• Excellent verbal and written communication skills
• Efficient delegation and task prioritization
• Ability to interview and select employees by company guidelines and EEOC commitments
• Ability to coordinate and facilitate staff training
• Ability to provide feedback, coach employee performance, and effectively implement disciplinary action as needed
• Ability to manage and resolve conflicts as they arise
• Demonstrated ability to document processes
• The ability to respond to crises efficiently and objectively
• Proficiency with MS Office Applications
• Must be able to work collaboratively across agencies and physical locations

Desired Skills:

• Experience supporting DHS, Federal Civil, Intelligence, and/or DoD Customers
• Computer Forensics experience
• Malware reverse engineering experience
• Experience with Risk and Opportunity management
• Scripting experience (Python, Perl, etc.)
• Experience with process development and deployment
• Prior experience with data visualization products such as Analyst Notebook
• Prior experience working in one of the following is highly desired:
• DOD/FED Cyber Intel organization
• DCIO/MCIO, with Cyber Counterintelligence focus

Desired Certifications:

• DoDI 8570.01-M IAT Level 2
• Additional technical CND response certification (CEH, GCIH, GCIA, OSDA SOC-200 or GNFA)

Required Education & Experience:

Bachelor's degree OR eight (8) years of related experience with a master's degree.