Security Operations Center Manager
Columbia, SC
Full Time | Mid-level / Intermediate | Clearance required | USD 52K - 123K *
MindPoint Group
Since 2009, MindPoint Group has helped private and public sector organizations identify and defend against cybersecurity threats, close security gaps, achieve compliance, and manage risk. MindPoint Group is dedicated to working as a trusted...
MindPoint Group is seeking a Security Operations Center (SOC) Manager to join our growing team.
Responsibilities:
- Oversee the SOC and coordinate all activities for event and incident analysis, cyberthreat intelligence collection, and threat hunting
- Develop training plans for SOC engineers and analysts; mentor and grow SOC personnel
- Drive continual process and procedure improvement by developing workflows and integration points across all SOC teams
- Supervise the development of detection use cases based on available log sources; identify missing log sources and advocate for their inclusion
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as needed
- Coordinate with intelligence analysts to correlate threat assessment data
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
- Plan and recommend security modifications or adjustments based on exercise results or system environment
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity, weaknesses exploited, exploitation methods, and effects on systems and information
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets; construct signatures that can be implemented on cyber defense network tools in response to new or observed threats
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; ensure timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause an ongoing and immediate impact on the environment; coordinate after-action reviews including lessons learned
- Notify stakeholders of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan; provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
- Analyze and report on network defense and security posture trends
- Work with stakeholders to resolve computer security incidents and vulnerability patching compliance
- Provide advice and input for disaster recovery, contingency, and continuity of operations plans
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Coordinate with third-party vendors and partners to ensure effective operational delivery of services and technologies
- Support cyberthreat intelligence reporting by monitoring open source intelligence to maintain the currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
Required:
- Bachelor's degree (or an additional 4 years of related experience)
- Active advanced cybersecurity certification is required (e.g., CISSP)
- Minimum five (5) years of advanced SOC experience including
- Advanced knowledge and experience providing technical leadership to an incident response team (i.e., in an "incident commander" role)
- Hands-on experience performing intrusion detection and large-scale incident response
- Experience maintaining and tuning IDS and IPS hardware and software
- Deep technical understanding of current and emerging cyber technologies
- Deep technical understanding of the full cyber threat/attack lifecycle, including attack vectors, methods, and TTPs
- Deep understanding and experience with intelligence-driven defense
- Mature understanding of industry SOC standards and best practices (e.g., OMB, NIST, US-CERT, etc.)
- Strong leadership, written and verbal communication, and analytical and problem-solving skills are required
- Ability to provide steady leadership in a high-pressure environment with changing priorities.
Clearance: TS/SCI Required
Location: This role is onsite in Columbia, SC or Washington, DC; travel up to one week per quarter
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index
Tags: CERT CISSP Clearance Compliance Cyber defense IDS Incident response Intrusion detection IPS Monitoring NIST Open Source SOC Strategy TS/SCI TTPs Vulnerabilities
Perks/benefits: Team events