All leads must be able to perform the following duties:
Manages Information Systems Security personnel and provides oversight to security program(s) projects.
Assesses configuration changes for security impacts; assists in the development of alternate courses of action or implementation of resultant measures.
Performs system administration functions, including (but not limited to) documenting the security architecture.
Develops user security guidelines and SOPs. Performs functions as required in support of the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) and DISAI 630-230-19.
The candidate shall provide Defensive Cyberspace Operations (DCO) situational awareness for identified portions of the DISA Continental United States (CONUS) and inter-theater enterprise infrastructure backbone, reporting incidents of a significant or serious nature to the DISA CONUS Commander and the DISA CONUS Columbus Network Assurance Division. The candidate must demonstrate the ability to delight customers and subscribers through active engagement and partnering: anticipating needs, delivering flawlessly, collaborating, and focusing on their success factors.
The candidate will guide and ensure the rigorous application of information security policies, principles and practices in the delivery of services to ensure an effective security program, including network defense, incident detection and incident response.
The candidate will support, analyze and report on efforts within a performance-based environment with pre-determined Acceptable Levels of Performance (ALPs) and Contract Data Requirements Lists (CDRLs), and will support the development, documentation and tracking of relevant measurements.
Basic Qualifications Required:
Candidate must have demonstrated experience supporting and leading computer network defense (CND) or related teams in an information technology environment.
Hold a DoD 8570 IAT Level II baseline certification (Security+ CE, CISSP or equivalent), with the ability to obtain CND-A certification within 180 days of the start date.
Hold and maintain an active Top Secret clearance.
Candidate must have experience working with DoD / Government / Commercial Customer Leaders.
Candidate must have strong technical leadership skills.
Candidate must demonstrate excellent interpersonal and communication skills (both written and verbal).
Candidate must display flexibility and agility in responding to business needs pertaining to staffing and workforce planning, as well as the ability to multitask in a fast-paced environment.
Willing to perform shift work as needed; Coalition, APAN, Web DMZ and other missions as directed support shift hours set by the Government Site Lead.
CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, full packet capture (FPC)) and other attack artifacts in support of incident investigations.
In-depth knowledge of the architecture, engineering and operation of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).
Experience and proficiency with any of the following: anti-virus, HIPS, IDS/IPS, full packet capture, host-based forensics, network forensics.
Experience with malware analysis concepts and methods.
Understanding of Linux and basic Linux commands; understanding of mobile technology and mobile operating systems (e.g. Android, iOS, Windows).
Scripting and programming experience (PowerShell; Bash/Perl/Python scripting).
Motivated self-starter with strong written and verbal communication skills.
Familiarity or experience in Lockheed Martin's Intelligence Driven Defense and/or Cyber Kill Chain methodology.
Advanced certifications such as SANS GIAC (e.g. GCIA, GCIH), CISSP or CASP, and/or SIEM-specific training and certification.