Sr. Cyber Defense Lead

*** United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.
Main Sail is seeking a Sr. Cyber Defense Lead in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Operations Centers (SOC), Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation.
Responsibilities:
• Establish an Enterprise Cyber Defense Policy to standardize cyber defense practices for PEO Enterprise programs
• Implement and lead a centralized cyber defense team
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy
• Provide daily summary reports of network events and activity relevant to cyber defense practices
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
• Identify applications and operating systems of a network device based on network traffic
• Skill in detecting host and network-based intrusions via intrusion detection technologies
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
• Provide cybersecurity related strategic leadership support
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
• Examine network topologies to understand data flows through the network
Required Skills:
• A Secret clearance will be required to maintain this position
• Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
• At least 5 years of hands-on experience leading a Cybersecurity leading a team in SOC, SIEM, or SOAR
• Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)
• Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of host/network access control mechanisms (e.g., access control list)
• Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
• Knowledge of penetration testing principles, tools, and techniques
• Knowledge of defense-in-depth principles and network security architecture
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
• Demonstrated ability to create and present executive level briefings
Desired Skills:
• Understanding of the MITRE Telecommunication & CK framework
• Knowledge of authentication, authorization, and access control methods
• Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities)
• Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES])
• Experience with Army policies, regulations, and processes preferred
Location: Fort Belvoir, 4-5 days per week on-site/local only
Period: ASAP with additional option years through 4/30/27 likely.
*** United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.