Cyber Shift Lead - Night Shift

The Mid Shift Operations Lead manages and directs a team of Real‑Time Analysts responsible for delivering 24x7 cybersecurity monitoring services for Department of Defense networks during the 2400‑0800 ET mid shift Monday–Friday. This role oversees Defensive Cyber Operations across three sites, including threat intelligence analysis, correlation of actionable security events, and network traffic analysis using raw packet data. The leader collaborates with Boundary Defense and Cybersecurity Services mission leads to coordinate resources during incident response activities, supports professional development of team members, and ensures consistent, transparent communication at all levels.

• Support and Lead Cybersecurity Monitoring & Analysis
  • Investigate alerts generated from endpoints, IDS/IPS, Net Flow data, and custom sensors to detect compromises on customer networks.
  • Analyze extensive log files, pivot between diverse datasets, and correlate evidence to support incident investigations, creating detailed technical reports outlining your findings.
  • Triage security alerts to rapidly identify malicious actors targeting customer networks.
  • Monitor and analyze DoD and open‑source intelligence feeds to identify IOCs and integrate them into security sensors and SIEMs.
  • Report security incidents to customers and USCYBERCOM, ensuring timely communication and coordinated response.
• Team Leadership & Development
  • Leads and supports assigned personnel by conducting regular employee engagement activities, working with Government Representation to meet shared goals and set priorities, collaborating with Operations Managers on training and performance reviews, and maintaining effective communication with Operations Leads and Human Resources to address employee performance.
  • Collaborates with senior leadership to ensure long‑term mission effectiveness and resolve any personnel or operational roadblocks.
  • Ensures consistent implementation and adherence to leadership directives and organizational policies in collaboration with People Leaders on their respective teams and shifts.
• Direct the performance and mission success of a cross‑functional team
  • Sustain and improve situational awareness regarding all deliverable metrics and outcomes.
  • Advance the mission through cross‑team collaboration and developmental initiatives.
  • Guide the mission with a growth mindset, emphasizing positive outcomes.

• Minimum active DoD Secret clearance with the ability to obtain TS/SCI.
• Current DoD 8570 IAT Level II certification (or higher), such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC (or equivalent).
• Ability to obtain DoD 8570 CSSP‑A Level Certification within 180 days of hire.
• Strong foundation in networking, including packet analysis, common ports and protocols, traffic flow, OSI model, defense‑in‑depth security principles, and common security elements for effective threat detection, analysis, and mitigation as a SOC Security Analyst.
• Bachelor's degree and 8+ years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree.
• Proven ability to work effectively both independently and as a collaborative team member, demonstrating initiative and a strong work ethic.
• Committed to continuous learning and self‑improvement in the cybersecurity domain.
• Excellent problem‑solving skills, including the ability to collaborate effectively with cross‑functional teams to address complex security challenges in real‑world scenarios.
• Reliable and flexible, with a demonstrated willingness to work assigned shifts to support operational requirements and team objectives.
• Minimum of two (2) years managing a team of five (5) or more direct reports and/or a minimum of two (2) years of experience managing cross‑functional cybersecurity teams.
• Located within a commutable distance (within 2 hours) or able to self‑relocate to Hill AFB, UT;
  Scott AFB, IL; or Columbus, OH.

• Prior experience working with the Defense Information Systems Agency (DISA) and/or Department of Defense (DoD) networks.
• Advanced knowledge of TCP/IP, common networking ports and protocols, traffic…