As the Cyber Security Operations Center (CSOC) Tier 3 Team Lead, you are responsible for overseeing and managing the activities of the Security Operations Center. Your role involves leading a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment. As a CSOC Team Lead, you play a critical role in safeguarding the organization's assets, data, and reputation from cyber threats. Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. The physical worksite for this position is in Rockville, MD.

Responsibilities:

• Team Management: You are responsible for building and managing a highly skilled and efficient team of Tier 3 Security Analysts. This involves hiring, training, and mentoring security analysts, engineers, and other team members. You will ensure that each team member understands their roles, responsibilities, and goals within the SOC.
• Effectively communicate information to stakeholders of all levels.
• Incident Response: Coordinating the response to security incidents is a crucial aspect of your role. When a security incident occurs, you will lead the team in analyzing and containing the threat, mitigating the impact, and initiating recovery procedures.
• Security Monitoring and Detection: Overseeing the continuous monitoring of security events and alerts to identify potential security breaches or threats. This includes analyzing logs, network traffic, and security tools to detect anomalous behavior and suspicious activities.
• Threat Intelligence: Keeping abreast of the latest security threats, vulnerabilities, and attack techniques is essential. You will be responsible for integrating threat intelligence into your SOC's processes and ensuring the team is well-informed about emerging risks.
• Incident Analysis and Reporting: Your team will investigate and analyze security incidents to understand their root cause and potential impact. You will generate incident reports for both technical and non-technical stakeholders, including management and relevant authorities.
• Security Tooling and Technology: Evaluating and implementing security technologies, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other security tools that enhance the SOC's capabilities.
• Process Improvement: Continuously improving SOC procedures, workflows, and playbooks to streamline incident response and enhance overall security operations.
• Collaboration: Working closely with other teams in the organization, such as IT, network operations, compliance, and legal, to ensure effective communication and coordination during security incidents.
• Compliance and Regulations: Ensuring that the SOC operates in compliance with relevant security standards, regulations, and policies.
• Training and Awareness: Conducting regular security awareness training for employees to enhance the overall security posture of the organization.

• 5 years of experience within a cybersecurity environment; 3 years of experience in a leadership role is required.
• Bachelors Computer Science, or a related field; or relevant, 10 years of commensurate work experience.
• Endpoint and network security experience required.
• Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents.
• CISSP or CISM, required; CEH, Network , SANS FOR578: Cyber Threat Intelligence, preferred.
• Knowledge of MITRA attached framework.
• Vulnerability/cyber incident management framework
• Experience in SOC Tier 3, managing a team of individuals.
• Experience with digital forensics and process
• Knowledge of Splunk, Crowdstrike, tenable, forescout, Xscalar, BigFix, MS360, Encase, Fireeye, Cortex SOAR XDR, Prisma

• IDS, IPS, EDR, ATP, Malware defenses and monitoring experience.
• Threat hunting experience preferred.
• Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
• Working knowledge of incident response procedures.
• Experience with SQL query construction preferred.
• Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Strong understanding of Windows event log analysis
• Experience with enterprise information security data management - SIEM experience a plus.
• Programming and scripting skills a plus.
• Excellent troubleshooting and analytical thinking skills
• Strong documentation and communication skills
• Advanced Cyber Security certifications preferred but not required such as SANS FOR508/578: Advanced Incident Response, Threat Hunting, and Digital Forensics, Splunk Core Certified Advanced Power User, Splunk Administrator, and Splunk SOAR administrator.
• Excellent customer service skills

About A-TEK, Inc.

Headquartered in McLean, VA, A-TEK is comprised of a team of experts in managing the data that drives federal missions. With employees in 13 states, and a 26-year partner to U.S. government agencies including the National Institutes of Health (NIH), Food and Drug Administration (FDA), Department of Homeland Security (DHS), Department of Justice (DoJ), and the Department of Commerce (DoC). We deliver IT services and solutions coupled with a scientific capability across a myriad of government mission areas including public health, law enforcement, national security, environmental, and science. 

A-TEK, Inc. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or status as a qualified individual with a disability, or Vietnam era or other protected Veteran status.