We are seeking an experienced and detail-oriented Lead Security NOC Watch Analyst to support a DoD client. Your responsibilities include security review of designs, engineering efforts, O&M, break/fix, as well as providing senior guidance for cybersecurity activities within the NOC. The Senior Watch Analyst will oversee the cybersecurity monitoring, management, and troubleshooting of network infrastructure to guarantee the highest levels of uptime and performance. The ideal candidate will have a strong technical background in network security and in overseeing teams in an operational NOC or SOC.
Responsibilities:
Lead, mentor, and manage a team of NOC Security Engineers ensuring operational efficiency, team performance, and adherence to service level agreements (SLAs). The Senior Security NOC Watch Analyst provides overall expertise in network cybersecurity operations.
Oversee 24x7x365 network cybersecurity monitoring, identify security issues, and proactively address potential risks or outages that may be caused by cybersecurity threats or vulnerabilities.
Troubleshoot, diagnose, and resolve complex cybersecurity problems within the NOSC, escalating to vendors as needed.
Develop and update incident response plans, establish processes and procedures, and coordinate with relevant stakeholders to ensure timely and effective incident resolution of cybersecurity events.
Provide cybersecurity guidance on network monitoring tools and technologies.
Ensure effective IT cybersecurity incident and problem management, maintaining detailed documentation of issues and resolutions.
Ensure compliance with industry standards and DoD security regulations.
Coordinate with internal departments and external vendors to address issues and ensure continuous improvement of network monitoring and performance.
Develop and enforce NOC cybersecurity operational procedures, best practices, and training programs for staff.
Provide regular reports to senior management on network cybersecurity health, performance metrics, and incident resolution.
Required:
Bachelor's degree in Computer Science, Information Technology, or a related field and 12 years of relevant experience, or a Master's degree and 8 years.
Strong understanding of network protocols, topologies, and troubleshooting methods (e.g., TCP/IP, DNS, DHCP, VPN, routing/switching).
Proficient utilizing and understanding SIEM/SOAR platforms such as Splunk and Elastic.
Familiar with cloud security concepts for AWS and Microsoft Azure.
Familiar with endpoint detection and response and other endpoint protection systems (e.g., Trellix, Carbon Black, and Tanium).
Familiar with cybersecurity for Mobile Device Management (MDM) of mobile devices such as tablets and mobile phones.
Familiar with securing Identity and Access Management (IDAM) systems and leveraging these systems for Zero Trust.
Strong understanding of network boundary protection infrastructure (e.g., Forescout and Cisco Firepower NGFW).
Proven experience with network monitoring tools (e.g., SolarWinds, Nagios, or similar).
Demonstrated ability to manage and mentor a cybersecurity operations team with a strong focus on network infrastructure, fostering collaboration and high performance.
Experience with incident management and responding to critical network outages.
Strong written and verbal communication skills for reporting and collaborating across teams.
Excellent technical, analytical, and organizational skills.
Strong customer service skills.
Preferred:
CompTIA Linux+ or similar certification such as Red Hat Certified System Administrator (RHCSA).
Understanding of playbooks and automation around cybersecurity (e.g., GitHub, GitLab, Ansible).
Clearance: Active Secret Clearance
Certification Requirement: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.