Job Type: Full Time
Location: Remote
Clearance: Secret
Who is Ardalyst Defense, LLC?
Ardalyst Defense, LLC is a Maryland-based Service-Disabled Veteran-Owned Small Business (SDVOSB) that provides engineering services and technical, analytical and cyberspace operations services to integrated U.S. government agency operations. Ardalyst personnel have decades of direct operations experience in full-scope Cyberspace Operations at the Service, Joint and National Agency levels.
Are you an Ardalyst?
Ardalyst is a mashup of Ardent, meaning passionate and Catalyst, meaning change agent. To be an Ardalyst means to be passionate about creating and sustaining meaningful transformations.
Speak Your Mind
Collaboration is at the heart of everything we do, and our belief in diversity of people supports our goal of diversity in thought. Ardalysts (that isn't just what we call ourselves) come ready to contribute and find solutions.
Focus On Your Strengths
We invest in understanding the strengths and weaknesses of each employee so that you can shine at what YOU do best.
See Yourself Grow
Ardalysts have cited being encouraged to take educated risks, kick-start progress, and advance their skills as one of their favorite things about working at Ardalyst, and we are determined to keep it that way.
Job Description
We are seeking a Defensive Cyber Operations Subject Matter Expert to add to our dynamic team. In this role, you will be part of the team responsible for designing, engineering, and delivering Defensive Cyber Operations (DCO) / security operations center (SOC) solutions for our client, built on next-generation open source and best-of-breed commercial products.
Your primary responsibility is to work with the engineering team and our client to identify their SOC/DCO and cybersecurity needs, develop applicable system use cases, and rapidly iterate from concept to solution. This role focuses on developing and delivering the standard operating procedures and training material needed to deploy and operate the system in the client's environment. You will fuse a keen sense of empathy for the customer's challenges with your hands-on expertise in SOC, DCO, and IT security solutions to delight the customer.
Duties and Responsibilities
- Identify Customer Requirements: Meet with customers to understand the use cases and workflows that need to be documented and incorporated into system user guides and standard operating procedures.
- Develop Solutions: Design and build effective training materials to equip the next generation of Defensive Cyber Operations Analysts.
- Collaborate Effectively: Working from the customer's requirements, partner with sales, developers, engineering, and customer team members to solve issues and provide sustainable solutions.
- Experience writing and editing SOPs, DCO playbooks, and other related operational documentation.
- Strong analytical, critical thinking, and problem-solving skills.
- Strong verbal and presentation skills.
- Self-motivated, highly organized and detail oriented with the ability to work independently, prioritize and multi-task.
- 2 years industry experience in cybersecurity operations or related roles.
- 3 years industry or government experience working in a security operations center (SOC) or Defensive Cyber Operations (DCO) service provider in a technical incident-handling role: alert triage, incident investigation, or response.
- Bachelor's degree in Information Systems, Cyber Security, Computer Science, or a similar related field, or 2-6 additional years of equivalent experience.
- This position requires the ability to obtain and maintain a DoD Secret security clearance.
- The ability to travel to customer sites 0-25% as required.
- Work in incident handling specifically in a DoD DCO service provider (DCOSP) is a huge plus.
- Experience developing and delivering formal training curricula.
- Experience monitoring network sensing technologies: passive and active taps, packet brokers, packet filtering, passive IDS monitoring, active IDS monitoring, PCAP retention, storage management, high speed packet capture, network detection and response (NDR) and related technologies.
- Experience tuning and customizing network monitoring systems, signatures, analytics, and rules, NetFlow, Layer 5-7 traffic metadata, and related technologies.
- Hands-on experience in development, scripting, or automation with exposure to at least two languages, such as Bash, PowerShell, or Python.
- Experience implementing and optimizing SOC/analyst tools and data consumption: data parsing, APIs, automation/scripting, integration, SIEM, SOAR, and the like.
- Hands-on experience with best of breed commercial and open-source network sensing technologies, like: Snort, Suricata, Bro/Zeek, Trellix/McAfee/FireEye, Palo Alto, Cisco Firepower, Gigamon, Ixia, NetOptics, etc.
- Hands-on experience with multiple best-of-breed commercial and open source SIEM and SOAR technologies: Microsoft Sentinel, Splunk, Exabeam, ELK, Securonix, or similar.
- Hands-on experience with Azure or Azure Stack HCI.
- Hands-on experience configuring and optimizing server and data center hardware.
- Hands-on experience with high-volume event message bus technologies like Kafka or Azure Event Hubs.
- Domain-related certifications are a plus, such as from Microsoft, SANS, Offensive Security, ISC2, etc.
- Experience performing technical writing and editing.
- Prolonged periods of sitting at a desk and working on a computer.
- This is a remote / work-from-home role.
- Competitive salary commensurate with experience
- Paid Time Off (PTO)
- Paid Holidays
- 401(k) Retirement Plan
- Health, Dental, Vision and Life insurance
- Short Term and Long-Term Disability insurance
- Monetary assistance with training and certifications
Ardalyst Defense, LLC is an EOE that empowers employees, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic, to meet and exceed customer expectations and thrive in a collaborative and dynamic work environment.