Security Operations (SOC) Manager

Leidos has an immediate need for a Security Operations Manager for an existing customer on a highly-visible and strategic Cybersecurity Task Order that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff. 

The Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise.  The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.

Primary Responsibilities

The Security Operations Manager will plan, direct and manage day to day activities of contractor security operations staff and support customer strategic planning to build and mature SOC Capabilities. The Operations Manager will also be responsible for the following:

• Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies across all teams within the customer’s security operations environment
• Manage and conduct hands-on technical analysis as a supplement to Incident Response and Forensics Teams during high-visibility or high-workload investigations
• Guide and mentor junior staff
• Suggest and implement controls for key information security gaps within the customer security infrastructure
• Conduct and maintain detailed gap analysis of customer capabilities
• Ensure timeliness and quality of reporting produced by the security operations staff to stakeholders
• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
• Promote and drive implementation of automation and process efficiencies
• Act as subject matter expert in several security technologies (depth) with ability to lead across enterprise security domains (breadth)
• Communicate adeptly at all levels from executive-suite to front-line analysts
• Expertly collaborate across multiple disciplines and levels of the organization
• Multitask with expert organizational skills in a fast-paced environment
• Demonstrate an open mind, creative thinking, willingness to take calculated risks, and a strong ability to make informed decisions
• Create job descriptions for new positions and manage annual performance plans for the SecOps team
• Provide guidance and leadership to the SecOps team for technology solutions related to the services that the team operates
• Develop and enforce event response and escalation documentation and processes for Security Operations Center to follow
• Respond to customer inquiries around security-related questions resulting from security incidents
• Develop and support incident response plans, processes, and procedures, and advise on steps to achieve incident response readiness (logging and monitoring configurations, triage and escalation procedures, wider stakeholder liaison, etc.)
• Track emerging security practices and innovations and work with the customer to execute where appropriate.
• Will work regular 8:00 – 5:00 pm hours, on-call and after-hours support in response to incidents as dictated by mission requirements
• Continually mature SOC operations and capabilities, developing intra-team relationships, and building trust and rapport with external stakeholders

Basic Qualifications

.

• Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS twelve (12) years of experience in incident detection and response, malware analysis, and or cyber forensics.
• 6+ years of supervising and/or managing teams
• 8+ years of intrusion detection and/or incident handling experience
• Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
• Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow
• Experience with Cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape

Preferred Qualifications

• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex enterprise
• Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operations Center
• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Demonstrated mastery of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
• Extensive leadership experience creating, building, and maintaining high-performing teams, particularly in a cybersecurity environment
• Previous experience managing an enterprise SOC/NOC/NOSC

*Position will require 5 days a week on site if 50 miles from site location*

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.