1. Lead advanced incident detection, investigation, and analysis efforts. 1. Correlate SIEM, EDR, IDS/IPS, and firewall data to identify and analyze potential incidents. Perform deep-dive investigations to determine root cause, scope, and impact of incidents. Apply MITRE ATT&CK and other frameworks for adversary TTP identification. 1. Guide preparation, identification, containment, eradication, and recovery actions in collaboration with SOC, forensics, and engineering teams. Ensure incident handling aligns with established guidelines, response plans, and playbooks. Analyze telemetry, logs, and behavioral patterns for indicators of compromise or attack. Work with forensic teams to ensure proper forensic collection, preservation, and analysis of digital evidence. Coordinate with forensics teams to ensure chain-of-custody and evidence integrity. Develop and enhance SOC processes, playbooks, and detection capabilities. Perform threat intelligence collection, analysis, and dissemination. Analyze and contextualize intelligence to produce actionable recommendations. Provide real-time guidance during active incidents. Collaborate with stakeholders to strengthen overall cybersecurity posture. Work with engineering, IT, and cloud teams to address identified vulnerabilities. Participate in tool evaluations, recommending solutions that enhance SOC capabilities and identify capability overlap. Support internal coordination with client sections, divisions, and external entities. Provide executive-level briefings on security events and SOC performance. Master's degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC. One-and-one- half (1.5) years of additional experience can substitute for one (1) year of a typical degree program. Minimum 8 years of experience in Information Technology (IT) and/or Information Security (IS). DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding. Active Secret Security Clearance Must be a US Citizen who lives within a commutable distance to the client's sites in Arlington or Merrifield, VA. CBROPS CFR CompTIA: CySA+, Security + CE, CASP+CE FITSP-O SANS: GCFA, GCIA, GDSA, GICSP CCNA-Security, CCNP Security CISSP (or associate), CCSP CISA SSCP CND
All Job Ads are subject to GrabJobs’s Terms of Service. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by GrabJobs moderation team. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.
Be the first to receive the latest Others Full-Time Jobs in the US.
Setup your job alert:
By activating job alerts, I agree to GrabJobs Terms & Privacy Policy. I can unsubscribe to job alerts anytime.
Skip
GrabJobs is the no1 job portal in the US, connecting you to thousands of jobs fast!
Find the best jobs in the US, apply in 1 click and get a job today!