GDIT is seeking Security Operations Center (SOC) Shift Leads to provide support to our Government Customer’s Computer Security Incident Response Center (CSIRC). This organization validates and reports cybersecurity incidents to the United States Computer Emergency Readiness Team (US-CERT). The CSIRC has a consolidated enterprise view of security events and network activity, and provides a holistic security overview to the Federal Customer by identifying, verifying, and understanding cyber events in order to respond effectively, develop mitigation strategies, and deliver timely products that address and incorporate stakeholder needs. The CSIRC tracks incident notifications originating from multiple sources: US-CERT, OpDivs, Incident Response Teams (IRT), and customer computer systems user, and / or a third party. These Lead positions will help us ensure that GDIT provides the necessary support, resources, personnel, and services to the Federal Customer in a 24x7x365 environment.
Job Responsibilities / Duties:
Ensure escalated incidents are followed through on and data is collected and reported
Responsible for tasking the staff appropriately on the particular first, second, or third shift. Supply guidance to staff as needed in accordance with operational policies and procedures.
Effectively communicate any issues or concerns with the Federal CSIRC Task Lead.
Initiate action to ensure appropriate coverage for the upcoming shift in the event of an oncoming Analyst missing his or her shift for any reason.
Assure that staff has access to tools and systems needed to complete CSIRC duties.
Ensure onboarding of new personnel is conducted in accordance with policy
Ensuring all information in the shift report is complete, accurate, and well understood.
Ensuring all conference calls are coordinated as scheduled.
Provide daily status updates of CSIRC floor tempo.
Provide any issues related to CSIRC personnel and scheduling to federal staff.
Required Skills / Experience:
BA / BS Degree or equivalent experience and 5+ years of directly applicable Security Operations experience or 10+ years’ of experience without a degree.
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cyber threats and vulnerabilities and specific operational impacts of cybersecurity lapses.
Knowledge of business continuity and disaster recovery continuity of operations plans.
Host/network access control mechanisms (e.g., access control list, capabilities lists).
Network services and protocols interactions that provide network communications.
Incident response and handling methodologies.
Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Packet level and network traffic analysis methods.
System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
What constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
Cyber defense and information security policies, procedures, and regulations.
Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
System administration, network, and operating system hardening techniques.
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Malware analysis concepts and methodologies.
Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
Any of the following Certifications: CEH, CFR, CCNA Cyber Ops, CySA+, GCFA or GCIH, SCYBER.
The ability and willingness to support this 24x7x365 CSIRC as assigned by the Federal POC.
Ability to obtain and maintain a US Government Public Trust or Secret Level Security Clearance
Desired Skills / Experience:
Previous Team Lead or Management experience.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.