Cyber Security Incident & Response Manager
Listed on 2026-01-07
IT/Tech
Cybersecurity, IT Consultant
Type of Requisition: Regular
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: Cyber and IT Risk Management
Job Qualifications:
Skills: Cyber Incident Response, SIEM Tools, Splunk (Inactive)
Certifications: None
Experience: 10+ years of related experience
US Citizenship Required: Yes
Advance your career while impacting our national security in cyber as a Cybersecurity Manager e, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.
As a Cybersecurity Manager, the work you’ll do at GDIT will be impactful to the mission of US Battlefield Information Collection and Exploitation System eXtended (US BICES/-X). You will play a crucial role in managing the Cyber Detect Incident & Response team. You will provide line management, leadership and strategic direction for the team and liaise closely with other managers. In addition, this role identifies potential security risks, recommends mitigation measures and implements remediation measures.
Responsibilities:
- Monitor system health using government provided tools on a 24x7x365 basis.
- Monitor security tools and controls.
- Support security updates, configurations and integration of new tools in response to the evolving threat landscape.
- Maintain situational awareness in the intelligence driven landscape and respond to reporting from a DCO perspective.
- Oversee operational incident management and recommend enhancements to the customer’s monitoring suite of solutions, including working with service owners to ensure proper monitoring procedures are in place and necessary adjustments are made.
- Track and monitor the health of the capability delivery services to include Scheduled and Emergency Maintenances.
- Assist the government with incorporating detection mechanisms for unauthorized, security related configuration changes.
- Manage all incident response and monitoring systems with an operations-based, ticket- and alert-driven mindset.
- Assist the government in developing, maintaining, and updating a catalog of standard operating and response procedures and protocols.
- Ensure Knowledge Base Articles are available for technicians to use.
- Gather and analyze metrics to benchmark the Operations Center workload/performance and identify security trends and issues.
- Provide productivity, service level, and key performance metrics in support of business objectives.
- Continuously review reporting requirements and current data collection methods to ensure efficiency. Work with teams to collaborate in the most efficient way to report and retrieve data.
- Experience driving discussions with senior government personnel regarding trade‑offs, best practices, project management and risk mitigation.
- Demonstrated ability to collaborate with stakeholders and business owners to provide guidance and recommendations on improving IT infrastructure.
- A proactive approach to identifying issues and problems, areas for improvement, and performance bottlenecks along with an ability to offer and implement solutions to address these.
- Experience creating dashboards to track service health that appeal to both technical and non‑technical audiences preferably with Splunk.
- Monitor CVA activity in real time and direct/coordinate activities as appropriate.
- Participate in joint exercises spanning teams across the globe to develop/refine IR TTPs.
- Excellent written and verbal communication skills, with a strong attention to detail and superior ability for problem solving.
- Skilled at directing a small team and executing responsibilities with minimal supervisor interaction.
- 10+ years of experience.
- BA/BS or the equivalent combination of education, technical training, or work/military experience.
- Must meet DOD 8750 requirements and be eligible for IAT level III & CSSP Incident Response upon hire for positions with elevated privileges and must obtain ITIL V4 Foundation within six months of hire. Additional specific certifications may be required, depending on job assignment.
- Must possess and maintain a Top Secret/SCI Security Clearance.
- Abil…