SOC Technical Lead

• Serve as Technical Lead for Incident Analysis, providing subject matter expertise in incident response operations to include incident investigations, analysis and process improvement.
• Oversee the execution of investigations to ensure thoroughness, accuracy, and completeness and assist with tickets and investigations as needed
• In coordination with management, recognize, adopt, and instill best practices in security engineering fields throughout the organization
• Continuously evaluate, shape, and make necessary changes to improve the efficiency and effectiveness of the Incident Response program
• Provide technical/analytical recommendations for improvement to the program of record
• Perform Risk Management activities and analysis and recommend mitigations to address identified risks and issues
• Own and facilitate exercise drill execution and planning
• Instill accountability for incident analysis to all levels of the contract team and ensure expectations are effectively communicated to the team

• Bachelor’s degree in a technical field and 8+ years of experience as a cyber security analyst, incident responder, or other closely related cyber security role, or High School Diploma and 12+ years of experience
• 5+ years of experience with SIEM, Windows and Linux Internals, NIST 800-53 and NSM-8
• 1+ years’ experience leading a team
• Experience responding to on-net cyber-attacks, such as, adversary credential breaches, account creations, shell or reverse shell usage, exfiltration, or similar
• Relevant certifications in cyber investigations, incident response, or cyber analysis, such as GCFE, GREM, OSCP, or similar

• Active/current TS/SCI with Polygraph is required for this position

• Must be able to remain in a stationary position 50%

ManTech