Easter Seals Jobs

This position is for a NOSC Cyber Manager with a company located in Stennis, MS.

Summary: Sev1Tech is seeking a Network Operations Security Center (NOSC) Cyber Manager, assisting in the 

monitoring

, detection, analysis, mitigation, and response to threats and adversarial activity

.

The DHS NOSC Lead has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and 

is responsible for 

directing and coordinating detection and response activities performed by each Component SOC.

The Monitoring and Analysis team provides 24x7 support across 4 different shifts. We have 

front 

half shifts (day and night) and back half shifts (day and night). The front half shift will work 12-hour shifts from Sunday -- Tuesday and alternating Wednesdays. The back half shift will work 12-hour shifts from Thursday -- Saturday and alternating Wednesdays. Candidates must have the ability to work non-core hours, if necessary.

Duties include network security monitoring and detection, pro-actively searching for threats, inspecting traffic for anomalies and new malware patterns, 

investigating 

and analyzing logs, 

providing 

analysis and response to alerts, and documenting activity in NOSC investigations and Security Event Notifications (SENs).

Responsibilities include but are not limited to:

• Supervise  and manage a small team of Cyber Network Defense Analysts (CNDAs) within the NOSC in support of the government customer
• Manage and conduct hands-on technical detection, analysis, containment, eradication, and remediation as a member of the Incident Response team
• Guide and mentor peers and subordinates to  provide  cross training
• Ensure accountability and punctuality of security analysts assigned to your shift
• Capture cybersecurity metrics that support executive-level briefings (daily, weekly, monthly)
• Articulate daily challenges to the Government Watch Officer (GWO)
• Analyze web and host logs for indications of compromise
• Re-mediate and coordinate the remediation of infected or compromised  devices
• Ensure shift continuity during  call-outs  and emergencies
• Compile incident reports, executive summaries, and analysis reports of intrusions and/or security events
• Document and update processes, workflows, and technical guides

• Perform simple  firewall  rule changes (after training)

   Education and Qualifications: A Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field and a minimum of eight (8) years total professional experience in at least two (2) of the areas listed below:

• Vulnerability Assessment

• Intrusion Prevention and Detection
• Access Control and Authorization
• Policy Enforcement
• Application Security
• Protocol Analysis
• Firewall Management
• Incident Response
• Encryption
• Web-Filtering
• Advanced Threat Protection
• Military experience and training may be considered in lieu of degree
• Active advanced cybersecurity certification(s)

• Experience conducting detailed technical analysis of Cybersecurity Events and Incidents

   

Candidates should also demonstrate the following:

• Extensive knowledge of a SOC's/NOSC's purpose and role within an organization
• Detailed understanding of common network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)
• Expertise with network topologies and network security device functions (e.g. Firewall, IDS/IPS, Proxy, DNS, etc).
• Expertise with packet analysis tools such as Wireshark
• Able to perform critical thinking and analysis to investigate cyber security alerts
• Extensive knowledge of common malware and attack vectors
• Extensive experience with Windows operating systems and standard OS logging

• Extensive experience with Antivirus, DLP, and host-based firewalls

   

Must have at least one of the following certifications:

• Comptia: Security+, Network+, CASP
• SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
• EC Council: CEH, CHFI, LPT, ECSA
• ISC2: CCFP, CCSP, CISSP CERT CSIH
• Offensive Security: OSCP, OSCE, OSWP and OSEE

Active Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) Active Top Secret Security clearance with Dept of Homeland Security (DHS) or Customs & Border Protection (CBP) preferred

This position will typically be located in either Colorado Springs, CO, Stennis, MS, Chandler, AZ, National Capitol Region (NCR) or Remote where applicable. Candidates who meet the minimum qualifications, appropriate clearance level, and are geographically aligned (or the ability to relocate) will be considered first.

Malware reverse-engineering experience

Two (2 plus) years of experience as an operations/technical lead on similar projects

Experience supporting 24x7 

missions

Experience in network and cybersecurity design, 

engineering 

and operations

Experience with Service Desk support and operations

Experience with NIST SP 800 series or ISO 27000 series documents for information security management and risk assessment

Understanding of DevOps/Agile concepts and processes

Extensive KSAs in SOC methodologies and processes

[[Experience with scripting languages (e.g.[,  ]{ccp-para=""}]{ccp-para=""}]{contrast="none"}