This position serves as the Cyber Security Operation Center (SOC) Lead for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will work under the direction of the Chief Information Security Officer to provide cyber incident handling services to Marine Corps installations worldwide. The SOC Lead will lead the cyber incident and cyber operational activity within the SOC. The SOC Lead will serve as an investigative entity within the cyber security program to ensure proper identification, isolation, remediation, and reporting of cyber incidents. The position will manage traditional incident response capabilities, while building industry leading and forward-looking teams. Lead, author and validate subordinate After Action Reviews. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Coordinate cyber incident response team's (CIRT) incident response and forensics tasks in order to make sure an incident is correctly prioritized and the incident response subtasks execute appropriate playbooks and meet agreed.

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave. Collect and decode intrusion artifacts from uncommon/allocated spaces within a system (e.g. memory, XXD manipulation, etc.) to understand if it was encapsulated or encrypted needing mitigation. Categorize and identify artifact and potential vulnerability or targeted environment, use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Perform advanced analysis of unknown and uncommon threats to closeout. Author after action and other related reports. Brief senior leadership, customers, and stakeholders, as appropriate.

Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Collaborate with enterprise-wide cyber defense technicians to resolve cyber defense incidents. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Direct and evaluate cyber defense trend analysis and reporting. Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Rule out false positives and examine context to identify positives. Pivot off alert to correlate information from other log sources. Produce findings for report.

Supervises employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, training employees, keeping abreast of and actively supporting the principles of the EEO program, and prevention of sexual harassment.  Must be alert to alcohol abuse, and take appropriate action. 

Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. Performs other related duties as assigned.

Minimum Qualifications 

Bachelors’ Degree in Information Technology or Business related field appropriate to the work of position AND five years of experience performing specific tasks for digital information and/or incident handling: OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. 

Knowledge of specific operational impacts of cyber security lapses, cyber threats and vulnerabilities. Understand business continuity and disaster recovery continuity of operations plans. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Understanding of risk management processes, secure configuration management techniques, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident categories, incident responses, timelines for responses, intrusion detection methodologies and techniques for detecting host and network-based intrusions.

Skill in preserving evidence integrity according to standard operating procedures or national standards, protecting a network against malware, using security event correlation tools, performing damage assessments, design incident response for cloud service models, identifying, capturing, containing, and reporting malware, running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark and security configuration reviews.

Ability to identify systemic security issues based on the analysis of signatures and indicators from use cases, design incident response for cloud service models, apply cybersecurity and privacy principles to organizational requirements, conduct audit log analysis, and translate results into evaluative conclusions.

As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8570.01-M) as a condition of access within six months of employment. This position has been determined as a cyber security incident responder with level 3 IAT.

This position had been determined as Moderate Risk.  As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.

Eligible for incremental telework as determined by MR/MF policy.