Job Description
- Plan, direct, and coordinate the Security Operations Center (SOC) for the program.
- Work closely with technical leadership (government / program / management).
- Develop and present performance reports and metrics.
- Develop and meet performance management requirements.
- Provide technical leadership for an engineering team to evolve the SOC and integrate its activities with teams of cloud security specialists.
- Consult with the cloud team and leadership to set the direction for security monitoring and threat detection.
- Ensure the successful integration of cloud logging and security monitoring services with the SIEM.
- Direct the development and implementation of rules/signatures in the SIEM and other monitoring platforms to detect and alert on suspicious activity in Rivera Consulting Group’s public cloud environments.
- Direct the deployment and management of cloud logging and security monitoring services for AWS and Azure cloud environments.
- Provide guidance and direction on operations for cloud-based Cyber Defense systems and services.
- Support cloud-related service migrations to AWS or Azure.
- Provide guidance on system administration of cloud-based automation tools.
- Assist in testing and evaluation of new cloud services.
- Direct a team on incident response / security investigations in hybrid cloud and on-premises environments.
- Ensure proper implementation of required government policy (e.g., NISPOM, DCID 6/3, ICD, NIST) and lead the team to ensure compliance across all activities.
Qualifications:
- U.S. Citizenship
- Active Secret clearance; must be able to obtain a TS/SCI clearance.
- Must be able to obtain DHS Suitability.
- 10 years of experience engineering, operating, and managing layered security and SIEM integration for on-premises or cloud/private cloud environments.
- 5+ years of Tier 3 incident handler experience in cloud and/or on-premises environments.
- 2+ years of SOC management experience covering both personnel and technology, including all aspects of personnel management (hiring, performance management, training/compliance, annual salary planning, and related duties).
- Minimum 3 years of professional experience working with AWS or Azure infrastructure and services in a security-focused role.
- Advanced knowledge of AWS and Azure architectural concepts.
- Experience engineering, operating, and managing layered security and SIEM integration.
- Demonstrated experience handling incidents across multiple operating systems.
- Excellent written and oral communication skills.
- Information Security and IT certifications (e.g., Cisco, Red Hat, AWS).
- Experience administering cybersecurity tools such as firewalls, SIEM, and PCAP.
- Experience with security log analysis.
- Experience working on a Computer Incident Response Team (CIRT).
- Previous experience working in a Security Operations Center (SOC).
- Virtualization technologies, e.g. VMware, Hyper-V, etc.
- Automation and IaC tooling, e.g. Ansible, Terraform, etc.
- Scripting in Python or Perl.
- “Big Data” analysis systems, e.g. Splunk, ELK, etc.
- Understanding of Project Management and SDLC methodologies, especially Agile.
- Experience with CNAPP (Cloud-Native Application Protection Platform) tooling.
Benefits:
- Health Insurance
- 401k