SOC Chief Sr.

ECS is seeking a SOC Chief Sr. to work in our Washington, DC office.

ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Operation Center (SOC) Manager to provide a full range of cybersecurity services on a long-term contract in Washington DC. The position is full time/permanent and will provide 24x7x365 support for a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

• Responsible for development and leadership of a 24x7x365 SOC, to include establishment of the mission, SOC maturity and optimizing, task management, playbook development and maintenance, and developing and deploying an integrated NOC/SOC model.
• Perform the SOC Chief activities to include project tracking schedules, risk registers, and risk and issue mitigation strategies for SOC and incident response activities.
• Ensure the timeliness and quality of deliverables so that all information and data are accurate and complete;
• Lead Information Security GAP Analysis review;
• Perform administrative functions such as reviewing performance and operations to ensure appropriate performance;
• Ensure effective coordination, collaboration, and communication with federal personnel;
• Serve as the primary incident commander for all cybersecurity incidents;
• Must possess a functional understanding of log and monitoring management systems, security event monitoring systems, network-based and host-based intrusion detection systems, firewall technologies, malware detection and enterprise-level antivirus solutions/systems.
• Must have demonstrated experience with managing and ensuring the timely response and investigations of security events and incidents by the Security Operations Center (SOC).
• Have demonstrated experience with developing and facilitating cybersecurity tabletop exercises for technical and non-technical personnel.
• Must possess a working knowledge of regulatory security compliance requirements.
• Familiarity with White House Executive Orders (OE) on improving the Nation's Cybersecurity and subsequent Office of Management and Budget (OMB) memorandums.
• Familiarity with FISMA monitoring and reporting requirements.
• Must have experience with conceptualizing, developing, publishing and communicating status reports for executive leadership.
• Work closely with client CISO and cybersecurity leadership to identify implement process changes, improvements and efficiencies, and ensure solid security practices.
• Develop and administer SOC processes and review their application to ensure that SOC's controls, policies, and procedures are operating effectively.
• Establish and maintain excellent working relationships/partnerships with the cybersecurity and infrastructure support teams throughout the Information Technology organization, as well as business units.
• Play a significant role in long-term SOC strategy and planning, including initiatives geared toward operational excellence.
• Execute security operations processes, identify and measure critical security operations metrics, and continually improve the efficiency and effectiveness of all core services in scope.
• Manage and develop SOC team members, including mentoring, task management, and capability/skill development.
• Provide a framework for team members to be successful in achieving team goals and individual performance objectives.
• Provide security expertise to the SOC team leveraging industry leading practices.
• Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment.
• Recommends implementation of countermeasures or mitigating controls
• Resolve or coordinate the resolution of cybersecurity events/incidents.
• Participate in root cause analysis or lessons learned sessions.
• Collaborates with technical and threat intelligence and threat hunt analysts to provide indications and warnings and contributes to predictive analysis of malicious activity.
• Must have experience with creating and maintaining shift schedules to ensure 24x7x365 coverage by operations support personnel.

Salary Range: $175,000 - $200,000

General Description of Benefits

• Top Secret, SCI eligible

• 8 years of Information Technology experience, with at least 5 years of experience in information security working within security operations
• 7-10 years of experience in SOC operations and incident response including SOC management and an IR commander role.
• Experience with maturing and optimizing SOCs.
• Experience with utilizing Cyber Threat Intelligence to enhance security operations, and threat detections and response.
• Preferred experience with developing and deploying an integrated NOC/SOC model.
• Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems.
• Strong customer service skills and decision-making skills
• Working knowledge of cloud infrastructure preferred
• Career proven knowledge and experience with log, network, and system forensic investigation techniques
• Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs.
• Significant experience with host and network analysis
• Experience with reading malware analysis reports
• Knowledge of diverse operating systems, networking protocols, systems administration and security technologies
• Intelligence driven defense utilizing the Cyber Kill Chain (CKC) and MITRE ATT&CK
• Significant experience monitoring threats via a SIEM console
• Candidate must have familiarity with US-CERT Federal Incident Notification Guidelines
• Azure, Azure Sentinel, Microsoft 365 Defender (across endpoint, email, and collaboration) experience preferred.
• Working knowledge of FireEye/Trellix tools, Akamai WAF, Sourcefire, and Ironport.

• Strong sense of professionalism and ethics.
• Actively seeks to enhance the group through the sharing of knowledge.
• Acts with integrity and communicates honestly and openly.
• Ability to build rapport and cooperation among teams and internal stakeholders.
• Respects others and demonstrates fair treatment to all.
• Methodical and detail oriented
• Self-motivated
• Ability to work in a high-pressure environment with changing priorities;

• Bachelor's degree in computer science or related field or equivalent work experience
• Certified Information Systems Security Professional (CISSP)