AOUSC SOC Manager

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a SOC Manager to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is hybrid, with the onsite location in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. in Computer Science, Information Technology, or a related field
  • 7 years of experience in an active incident responder position; two (2) years of recent (within the last five (5) years) experience providing technical direction to a SOC (over 5000 endpoints).
  • 2 years of experience implementing IR in a federal environment in accordance with federal incident handling guidelines as specified in NIST CSWP-29: CSF and NIST SP Computer Security Incident Handling Guide.
  • 2 years of experience using Splunk SIEM to correlate cybersecurity alerts.
  • 3 years of experience in auditing using operating systems (Linux and Windows) to perform cybersecurity services.
  • Strong technical writing skills to effectively communicate complex analytical findings and produce clear, concise, well-structured reporting, including executive audience level reports
  • This role aligns to the NICE work role PD-WRL-001 (Defensive Cybersecurity).
  • Active SANS GCIH or GCIA certification

Duties:
  • Provide operational leadership and management oversight for 24x7x365 SOC operations supporting Judiciary cybersecurity activities.
  • Manage cybersecurity triage, incident response, containment, remediation, recovery, and post-incident review activities.
  • Ensure operational adherence to the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), SOC Standard Operating Procedures (SOPs), and AO-defined escalation procedures.
  • Oversee alert triage activities utilizing Splunk Enterprise Security, Microsoft Sentinel, ServiceNow, Jira, and other approved Government systems.
  • Ensure timely acknowledgment, triage, escalation, and handling of cybersecurity alerts in accordance with SLA requirements and incident prioritization timelines.
  • Lead operational coordination during Priority 1 and Priority 2 cybersecurity incidents and ensure timely government notification and escalation.
  • Oversee development and maintenance of cybersecurity triage work instructions, incident handling SOPs, response action procedures, and operational documentation.
  • Manage SOC analysts, incident responders, and forensic personnel to ensure staffing coverage, operational readiness, and quality performance.
  • Review and validate cybersecurity incident reports, post-incident reviews (PIRs), forensic reports, malware analysis reports, and operational status reporting.
  • Coordinate with AO leadership, federal staff, watch officers, branch chiefs, and stakeholders regarding cybersecurity incidents, operational risks, and emerging threats.
  • Ensure accurate documentation of all cybersecurity activities, artifacts, timelines, and communications within ServiceNow and other authorized systems.
  • Manage operational metrics including Mean Time to Acceptance (MTTA), Mean Time to Triage (MTTT), containment timelines, remediation timelines, and quality assurance metrics.
  • Conduct weekly technical meetings and provide operational briefings, metrics, trends, risk assessments, and remediation recommendations.
  • Develop and maintain Common Operational Picture (COP) awareness and cybersecurity operational reporting for AO stakeholders.
  • Support continuous improvement initiatives by identifying detection gaps, process inefficiencies, workflow improvements, and operational enhancements.
  • Coordinate cybersecurity forensics and malware analysis activities, including evidence preservation, malware analysis, root cause analysis, and artifact review.
  • Ensure operational compliance with NIST SP 800-53, NIST SP 800-61, NIST Cybersecurity Framework (CSF) 2.0, and ITIL v4 principles.
  • Support transition-in and transition-out activities, including onboarding, operational readiness, training, and knowledge transfer.
  • Provide executive-level and technical-level cybersecurity briefings, reports, and presentations.
  • Support enterprise security awareness reporting and development of operational KPIs.

Required Experience:

Manager

About Company

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.