SOC OPERATIONS LEAD WITH SECURITY CLEARANCE

The Cybersecurity SOC Operations Lead will directly report to the Branch Chief of Defensive Cyber Operations. The candidate will take previous experience within cybersecurity operations, hunt/blue teams, red teams, and threat intelligence to achieve strategic goals by executing policies and procedures at a tactical level that best align with strategic direction given by the Chief of TCS Cyber. The SOC Operations Lead will oversee the day-to-day execution of all teams aligned to the subordinate organization. This would include identifying opportunities to mature processes and personnel with the intent to execute the mission effectively and efficiently. When appropriate, will provide guidance and recommendations to leadership on matters relating to the prioritization of resources. As result, the SOC Operations Lead will be required to effectively work with and communicate with varying levels of stakeholders to include TCS leadership, technical customers, non-technical customers, and all TCS staff of varying skillsets and experience. Responsibilities: * Execute the mission of TCS Cyber Focused Operations. This requires the coordination of Threat Intelligence, Hunt, Adversarial Threat Emulations, and Defensive Countermeasures development. * Continue to mature and integrate all capabilities into a unified workflow, or Fusion Cell, following a predetermined model * Work with the Lead of the Security Operations Center (SOC), will define and integrate specific workflows into the Fusion Cell where appropriate * Assist both the Branch Chief of Defensive Cyber Operations and Chief of TCS Cyber with the design, development, implementation, operations and sustainment of cybersecurity services that enhance the cybersecurity posture of NGA Programs, Systems, and the Enterprise * When required, will conduct research and analysis to assist with solution design and implementation planning for the modernization of existing cybersecurity solutions and infrastructures in partnership with internal and external stakeholders * Will assist with the monitoring of performance and morale of staff across the Cybersecurity Division by providing recommended courses of action, to resolve issues, to TCS leadership * As needed, will provide guidance or direction to lower-level staff * Assist with the research and evaluation of new concepts, processes, and technology to improve performance and gain efficiencies within Focused Operations. Required Qualifications: * Bachelor's degree, or higher, in Computer Science, Cyber Security Engineering or IT-related discipline. With an additional 8 years of experience in the cybersecurity field. Additional years of experience may be substituted in lieu of degree. * Candidate must have a TS/SCI with ability to obtain a Polygraph * Demonstrated leadership experience serving in positions such as functional manager or team lead for a minimum of 3 years * Sufficient knowledge of complex enterprise cybersecurity systems and technologies with the ability to interpret network and web architecture documentation. * Demonstrated experience providing briefings to an executive audience. * Certified DoD 8140.01 and 8570.01-M Information Assurance Technical Officer (IAT) Level III * Certified DoD 8140.01 and 8570.01-M CSSP Analyst * Understanding of the Security Operations Capability Maturity Model(s) (SOC-CMM, C2M2, or equivalents) to secure information systems. * Demonstrated experience with ODNI ICS 500-27, NSM-8, and OMB M21-31 * Understanding of cybersecurity compliance policy, programs, processes, and metrics. * Excellent verbal and writing skills with the ability to write clear and concise assessment reports. * Good understanding of project management concepts such as ITIL and the differences between Iterative versus Waterfall methodologies. * Demonstrated experience in cybersecurity design, engineering and operations with emphasis on NGA capabilities. * Strong understanding of adversarial tactics and techniques as it applies to offensive cyber operations. * Strong understanding with the Intelligence Lifecycle and how it applies to Cyber Threat Intelligence reporting. * Strong understanding of the various methodologies that can be leveraged to conduct Hunt operations. * Strong understanding of pattern analysis and regular expressions * Strong understanding of Purple Team tactics and mitigating enterprise visibility or defensive gaps. * Strong understanding of Mitre ATT&CK and the ability to map the corresponding TTP to the appropriate defensive capability as it relates to countermeasure development. Desired: * Demonstrated 5 or more years of experience supporting an IC or DoD agency in adopting and transitioning systems and services to cloud environments, including hybrid cloud environments * Proficient in vendor agnostic cloud security concepts