Cyber Defense Operations Lead
Listed on 2026-01-04
IT/Tech, Cybersecurity
PCI Federal
This position may be located in Quantico, VA, Hanover, MD or Huntsville, AL.
Contractor shall provide CDO support that includes administering the Data at Rest solution, analysis reports, forensic investigations, and trend reports. Analysis reports are conducted daily covering the Security Information and Event Manager (SIEM), endpoint security, network access control, vulnerability scanners, and threat hunt operations. Analysis reports are produced daily covering activities that are used to depict current network security and any anomalous activity.
Any anomalous activity is investigated by the Contractor and provided to the Government for vetting, at least one to five per day. Forensic investigations are required throughout the year.
- Produce monthly cyber trends analysis report.
- Wireless scans, analysis, and reporting are required quarterly.
- Coordinate and track data spills.
- Analyze impact of cyber warning intelligence and AS&W.
- Develop tailored countermeasures to address identified threats and prevent or mitigate potential cyber event impacts to DCSA.
- Update and maintain the SOPs for Security Operations Center (SOC) functions annually.
- Develop and maintain a dashboard(s) or tracking technology to track the Action Officer, status, and compliance of orders and directives including, but not limited to, Tasking Orders (TASKORDs), Fragmentary Orders (FRAGOs), and Operation Orders (OPORDs) to display on the EC3 SOC video wall. This dashboard or tracking technology will have feeds into the integrated dashboard.
- Develop, maintain, and leverage system default dashboard(s) to provide real‑time status of CDO monitoring tools and executive‑level views for daily and weekly briefs on the EC3 SOC video wall. This dashboard or tracking technology shall have feeds into the integrated dashboard.
- Develop, maintain, and provide a daily morning brief and an end‑of‑day brief to provide current cyber security posture, issuance of directives, cyber events, and compliance status.
- Develop, maintain, and provide a weekly brief that captures all of the cyber events with metrics and trends.
- Provide trend analysis and reports on CDO activity such as higher echelon Directives, log/monitoring reports from SIEM alerts, incident status, trouble ticket status, and firewall and web proxy metrics (CDRL A00013).
- Document and track incidents (currently via SharePoint and One Note) in accordance with the reporting procedure and archive historical CDO data.
- Submit and track all service tickets submitted on behalf of CDO internally and to external organizations.
- Obtain and maintain accounts from external DOD agencies on NIPRNET, SIPRNET, and JWICS in order to receive reports from multiple sources, incorporate them into CDO briefs, and distribute them to stakeholders.
- Maintain situational awareness on cyber incidents and activity with the appropriate DOD partners (e.g., CSSP, USCYBERCOM, NSA, etc.) via various tools and reporting mechanisms (e.g., NTOC, CENTAUR, CMRS, JIMS, Acropolis) on all enclaves (NIPRNET, SIPRNET, and JWICS).
- Review and determine if external reports, orders, and directives are applicable to DCSA enclaves and execute response actions as required.
- Track and coordinate all tasks, cyber events, external assessments, tickets, and all other applicable actions with the agency’s Cyber Security Service Provider.
- Research, identify, and verify new Advanced Persistent Threat Tactics, Techniques, and Procedures (TTPs) from commercial and Government sources and provide recommendations in order to strengthen the overall DCSA cyber security posture.
- Develop, update, and manage the existing DCSA CDO collaborative SharePoint site and coordinate operations, maintain libraries, briefs, and training.
- Provide existing weekly, monthly, and ad‑hoc reports as required.
- Provide weekly status reports on all relevant events affecting DCSA networks.
- Configure and administer the SIEM (Splunk); provide advanced expertise to maximize the capabilities of the SIEM by monitoring the health of SIEM connections, data feeds, and storage capacities for audit purposes.
- P…