What are the responsibilities and job description for the AOUSC - SOC Manager position at cFocus Software Incorporated?
cFocus Software seeks a SOC Manager to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 7 years’ experience in an active incident responder position; two (2) years of recent (within the last five (5) years) experience providing technical direction to a SOC (over 5,000 endpoints).
- 2 years of experience implementing IR in a federal environment in accordance with federal incident handling guidelines as specified in NIST CSWP-29: CSF, and NIST SP-800-61 Computer Security Incident Handling Guide.
- 2 years of experience using Splunk SIEM to correlate cybersecurity alerts.
- 3 years’ experience in auditing using operating system (Linux and Windows) to perform cybersecurity services.
- Strong technical writing skills to effectively communicate complex analytical findings and produce clear, concise, well-structured reporting to include executive audience level reports,
- This role aligns to the NICE work role PD-WRL-001 (Defensive Cybersecurity).
- Active SANS GCIH or GCIA certification
- Provide operational leadership and management oversight for 24x7x365 SOC operations supporting Judiciary cybersecurity activities.
- Manage cybersecurity triage, incident response, containment, remediation, recovery, and post-incident review activities.
- Ensure operational adherence to the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), SOC Standard Operating Procedures (SOPs), and AO-defined escalation procedures.
- Oversee alert triage activities utilizing Splunk Enterprise Security, Microsoft Sentinel, ServiceNow, Jira, and other approved Government systems.
- Ensure timely acknowledgment, triage, escalation, and handling of cybersecurity alerts in accordance with SLA requirements and incident prioritization timelines.
- Lead operational coordination during Priority 1 and Priority 2 cybersecurity incidents and ensure timely government notification and escalation.
- Oversee development and maintenance of cybersecurity triage work instructions, incident handling SOPs, response action procedures, and operational documentation.
- Manage SOC analysts, incident responders, and forensic personnel to ensure staffing coverage, operational readiness, and quality performance.
- Review and validate cybersecurity incident reports, post-incident reviews (PIRs), forensic reports, malware analysis reports, and operational status reporting.
- Coordinate with AO leadership, federal staff, watch officers, branch chiefs, and stakeholders regarding cybersecurity incidents, operational risks, and emerging threats.
- Ensure accurate documentation of all cybersecurity activities, artifacts, timelines, and communications within ServiceNow and other authorized systems.
- Manage operational metrics including Mean Time to Acceptance (MTTA), Mean Time to Triage (MTTT), containment timelines, remediation timelines, and quality assurance metrics.
- Conduct weekly technical meetings and provide operational briefings, metrics, trends, risk assessments, and remediation recommendations.
- Develop and maintain Common Operational Picture (COP) awareness and cybersecurity operational reporting for AO stakeholders.
- Support continuous improvement initiatives by identifying detection gaps, process inefficiencies, workflow improvements, and operational enhancements.
- Coordinate cybersecurity forensics and malware analysis activities including evidence preservation, malware analysis, root cause analysis, and artifact review.
- Ensure operational compliance with NIST SP 800-53, NIST SP 800-61, NIST Cybersecurity Framework (CSF) 2.0, and ITIL v4 principles.
- Support transition-in and transition-out activities including onboarding, operational readiness, training, and knowledge transfer.
- Provide executive-level and technical-level cybersecurity briefings, reports, and presentations.
- Support enterprise security awareness reporting and development of operational KPIs.