What are the responsibilities and job description for the AOUSC - Blue Team Lead position at cFocus Software Incorporated?
cFocus Software seeks a Blue Team Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- Five (5) year’s total project management related experience in the Cybersecurity or information technology industry.
- This includes development of policies and procedures, technical standards, and workflow development.
- Three (3) years of experience delivering cybersecurity services as part of a service delivery team and planning, managing and performing cyber security assessments, including assessment reporting deliverables.
- Active CISA or CISSP certification
- Lead and manage Blue Team support services that complement Red Team exercises and support overall Judiciary cybersecurity readiness.
- Develop methodologies for assessing customer environments using previous Red Team reporting, cybersecurity best practices, MITRE ATT&CK, NIST CSF 2.0, and ITSO leadership guidance.
- Conduct pre-engagement technical assessments to identify security gaps, misconfigurations, control weaknesses, and opportunities for defensive improvements.
- Develop actionable mitigation recommendations that clearly identify technical deficiencies, operational risks, remediation actions, required tools and skills, expected outcomes, and implementation timelines.
- Develop and deliver pre-engagement technical assessment reports and mitigation plans for AO staff and court units prior to Red Team exercises.
- Facilitate post-engagement meetings with Red Team customers and provide detailed remediation guidance based on findings from Red Team activities.
- Perform post-engagement assessments utilizing Red Team reports to identify missed controls, detection gaps, and unsuccessful defensive measures.
- Develop post-engagement assessment reports documenting improvements, residual risks, and recommended enhancements to customer environments.
- Lead the development and execution of cyber exercise support services including governance, communication strategies, facilitation, and operational coordination.
- Design, plan, facilitate, and execute tabletop exercises, inject-driven cyber exercises, and operational readiness scenarios for technical and executive audiences.
- Develop realistic exercise scenarios aligned to current cyber threats, adversary tactics, techniques, and procedures (TTPs), and Judiciary operational environments.
- Coordinate with ITSO Divisions, SOC personnel, Detection Engineering, Threat Hunting, Incident Response, and Cyber Threat Intelligence teams to support exercise planning and defensive operations.
- Conduct post-exercise analysis and develop executive summaries detailing strengths, weaknesses, lessons learned, operational readiness, and improvement opportunities.
- Support Detection Engineering efforts by assisting with analysis of threats, exploits, attack techniques, detection opportunities, and defensive recommendations.
- Develop and brief technical and executive-level presentations regarding Blue Team activities, cyber exercises, threat trends, and defensive posture improvements.
- Develop KPI metrics, operational reporting, annual summaries, and executive dashboards demonstrating improvements in Judiciary cybersecurity protection measures.
- Provide operational leadership and oversight for Blue Team activities in alignment with ITIL v4 service management principles and AO cybersecurity directives.
- Participate in weekly technical meetings, monthly program reviews, operational readiness meetings, and stakeholder briefings.
- Develop and maintain SOPs, work instructions, governance documentation, communication strategies, and process documentation supporting Blue Team operations.
- Assist with transition-in and transition-out planning, operational readiness activities, and knowledge transfer requirements.
- Collaborate with Red Team personnel to evaluate exploit paths, detection opportunities, and mitigation effectiveness.
- Support continuous improvement initiatives by identifying gaps in people, process, and technology across cybersecurity operations.
- Maintain awareness of emerging threats, adversary tradecraft, cybersecurity frameworks, and defensive security technologies relevant to the Federal Judiciary.