OverviewThank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.
Kentro is seeking a highly technical
Security Operations Center (SOC) Subject Matter Expert (SME) to lead the design, implementation, integration, and optimization of
User and Entity Behavior Analytics (UEBA) and
Security Orchestration, Automation, and Response (SOAR) capabilities in support of the
USSOCOM Enterprise Data, Applications, and Training (EDAT) Zero Trust initiative. This position serves as the senior technical authority responsible for advancing the Department of Defense (DoD) Zero Trust
Visibility & Analytics and
Automation & Orchestration pillars by delivering innovative security operations capabilities that improve threat detection, response automation, and enterprise cyber resilience.
The SOC SME will architect and implement advanced analytics and automated response workflows that integrate with enterprise security technologies, including SIEM, endpoint detection and response (EDR/XDR), identity providers, network security tools, cloud platforms, and data protection solutions. This role will work closely with Zero Trust architects, cyber engineers, data security engineers, identity engineers, and government stakeholders to ensure security telemetry is normalized, correlated, and actionable across the USSOCOM enterprise.
As the technical lead for SOC modernization efforts, the SME will provide
Tier III and Tier IV engineering support, troubleshoot complex security incidents, develop automated response playbooks, and engineer advanced detection use cases leveraging behavioral analytics, machine learning, and threat intelligence. The successful candidate will drive the implementation of continuous monitoring, automated incident response, and proactive threat hunting capabilities while ensuring alignment with the DoD Zero Trust Strategy, NIST Cybersecurity Framework, RMF, and DISA Security Technical Implementation Guides (STIGs).
Location: Onsite in Tampa, FL Responsibilities- Working with the customer and other support contracts to ensure timely and reliable integration of Zero trust efforts.
- Working collaboratively with other ISSOs and key stakeholders to the RMF process.
- Creating and managing RMF artifacts and the entire ATO lifecycle.
- Coordinating with Cybersecurity SMEs to identify requirements and process improvements.
- Assisting cybersecurity assessors as required.
- Interpreting DISA STIG requirements.
- Acts as a member of a team, supporting teammates and collaborating with a "do what it takes" attitude to ensure product and team success.
- Hands on approach to performing your own assessments with enclave and network infrastructure devices.
- Ensuring product quality and timeliness of work, providing advice and guidance, resolving problems to meet objectives, and providing periodic performance reports.
- Provide input on best practices and procedures.
- Developing new and refining existing processes to enhance quality and productivity.
Qualifications- Education: Master's degree or 6+ additional years of cybersecurity experience in lieu of a degree and PMP certification.
- Experience: 12+ years of experience in an enterprise and/or cybersecurity-focused environment.
- Technical Skills:
- Experience with Splunk administration and engineering.
- Experience with Splunk Enterprise Security (ES) operations and configurations.
- Experience with Splunk telemetry integration, workflow engineering, and tuning
- Experience with Microsoft enterprise environment administration and engineering.
- Experience with Microsoft Enterprise Security (ES) operations and configurations.
- Experience with Microsoft UEBA/SOAR telemetry integration, workflow engineering, and tuning
- Proficiency with Unix and Windows environments.
- Certifications: Active DoD 8570 IAT Level III/ DoW 8140 (511) Advanced certification (e.g., CISSP) required.
- Physical Requirements:
- Must be able to remain in a stationary position 50% of the time.
- Occasionally move about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers via email, phone, or virtual communication, which may involve delivering presentations.
Preferred Qualifications: - Splunk certifications such as Splunk Certified Cybersecurity Defense Architect, Splunk Enterprise Certified Architect, Splunk Certified Cybersecurity Defense Engineer, Splunk Core Certified Advanced Power User, Splunk Core Certified Consultant
- Microsoft certifications such as SC-100: Microsoft Cybersecurity Architect; SC-200 Microsoft Security Operations Analyst
- Experience with scripting or programming languages (e.g., Bash, Python, Java, Perl, .NET).
- Familiarity with developing and deploying operational and security use cases within Splunk.
- Familiarity with DoW & NSA Zero Trust Guidance
- Familiarity with DoW RMF ATO process and answering controls
- Familiarity with USSOCOM SOFNET
Clearance Requirement: