GDIT has an opportunity for a dynamic and collaborative Intrusion Detection Team Shift Lead to join our team. The Intrusion Detection Team Shift Lead will be a member of our team supporting the Administrative Office of the U.S. Courts (AOUSC), Information Technology Security Office (ITSO). As a team member, the Intrusion Detection Team Shift Lead will work collaboratively with federal and contractor staff to ensure the SOC effectively meets or exceeds the security operations requirements of each shift in a timely and comprehensive manner.
The Intrusion Detection Team Shift Lead must be able to handle events, e.g., identifying user security issues, extensive troubleshooting, and coordinating resolution or restore using a variety of applications and testing tools throughout each shift. The events may include hardware/software failures, as well as, security breaches, threats, or network connectivity issues. The Intrusion Detection Team Shift Lead must ensure that each member of the shift acts in a professional and courteous manner while answering inbound security-related calls and provide the AOUSC with the best possible customer service that includes creating tickets, filling out necessary checklist paperwork, generating trouble tickets for all work and informational requests, handle security-related user complaints, and escalate to the next tier according to established procedures.
Provide Intrusion Detection Team shift leadership for enterprise-level SOC on a shift rotation to cover 24x7 operations.
Drive use of intrusion detection and protection tools, capabilities, methodologies across each shift within the SOC.
Provide technical guidance and support to the SOC Chief and Analysis and Response Branch (ARB) Chief.
Regularly provide high-level proactive technical support, including security configurations, security policy modification recommendation, and diagnostics of remote network security issues.
Identify and offer solutions to gaps in shift capabilities and visibility.
Promote and drive implementation of automation and process efficiencies for each shift.
Support detailed discovery and analysis of intrusion detection security events, conduct a quality assurance check of the initial analysis conducted.
Validate analysis that is conducted and ensure that the analysis provided is completed within the Service-Level Agreement (SLA).
Ensure that all incidents are clearly documented and processed in compliance with the AOUSC’s Intrusion Detection Team (IDT) Operations Guide and the Judiciary Security Operations Center Incident Response Plan (JSOCIRP).
Deliver a quality written shift lead report detailing work performed during the shift.
Ensure that a shift change includes a thorough briefing of shift activities to ensure continuity of operations and dissemination of key information.
Education and Experience:
Minimum ten (10) years of experience in IT Security, Cyber Security or Information Technology.
Three (3) years of team lead experience leading a SOC team.
Previous experience working in a SOC in an enterprise environment
Bachelor’s degree or equivalent experience in Computer Engineering, Computer Science, or Information Systems.
Strong understanding of latest security principles and protocols.
Strong understanding of security operations technologies including SIEM and orchestration.
Knowledge of emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness.
Strong knowledge of tactics, techniques and procedures associated with cyber threats.
Knowledge and experience with PCs, LAN topologies, routers, hubs, and terminal servers.
Knowledge of security applications such as IDS, Security Event Management and anomaly detection tools.
Knowledge of trouble ticketing systems/CRM.
Understanding of the operation of test and analysis equipment such as protocol analyzers, and LAN/WAN sniffers.
Ability to read and interpret network diagrams.
Ability to read and understand packet captures.
Basic understanding of the OSI model.
Knowledge of Unix and Windows Operating Systems.
Experience with processes in functional areas (i.e., trouble management, fault management, and incident management).
Must have experience with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application white listing, server configuration controls, logging and monitoring tools, antivirus, and antivirus systems.
Must have in depth, hands-on experience with security features and system administration of Linux, UNIX, and Windows operating systems.
Must have an understanding of security vulnerabilities in common operating systems, web and applications servers, including knowledge of remediation procedures.
Knowledge of MITRE’s ATT&CK knowledgebase.
Excellent verbal and written communication skills
Excellent organizational and analytical skills
Ability to express thoughts clearly
Ability to collaborate in a team environment
Attention to detail
Certifications: Possess one cybersecurity and network-related certification, such as: GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), Security+, Cisco Certified Network Associate/Professional (CCNA/CCNP).
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.