Cyber Security Operation Center Lead NF5

Quantico, Virginia
Dec 01, 2022
Dec 08, 2022
IT, Security Engineer
Full Time

This position serves as the Cyber Security Operation Center (SOC) Lead for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will work under the direction of the Chief Information Security Officer to provide cyber incident handling services to Marine Corps installations worldwide. The SOC Lead will lead the cyber incident and cyber operational activity within the SOC. The SOC Lead will serve as an investigative entity within the cyber security program to ensure proper identification, isolation, remediation, and reporting of cyber incidents. The position will manage traditional incident response capabilities, while building industry leading and forward-looking teams. Lead, author and validate subordinate After Action Reviews. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Coordinate cyber incident response team's (CIRT) incident response and forensics tasks in order to make sure an incident is correctly prioritized and the incident response subtasks execute appropriate playbooks and meet agreed.

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave. Collect and decode intrusion artifacts from uncommon/allocated spaces within a system (e.g. memory, XXD manipulation, etc.) to determine whether they were encapsulated or encrypted and require mitigation. Categorize and identify the artifact and the potential vulnerability or targeted environment, and use the discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Perform advanced analysis of unknown and uncommon threats through to closeout. Author after action and other related reports. Brief senior leadership, customers, and stakeholders, as appropriate.

Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Collaborate with enterprise-wide cyber defense technicians to resolve cyber defense incidents. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of the cyber defense threat condition and determine which security issues may have an impact on the enterprise. Direct and evaluate cyber defense trend analysis and reporting. Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Rule out false positives and examine context to identify true positives. Pivot off an alert to correlate information from other log sources. Produce findings for reporting.

Supervises employees to include: assigning and distributing work; coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave; recommending and completing personnel actions; completing performance reviews and signing timecards; training employees; keeping abreast of and actively supporting the principles of the EEO program and the prevention of sexual harassment. Must be alert to alcohol abuse and take appropriate action.

Occasional travel to complete work assignments, conduct training or attend conferences and meetings may be required. Performs other related duties as assigned.

This is a white-collar position where occasional lifting up to 20 lbs may be required.

Performs other duties as assigned.

Conditions of Employment

  • See Duties and Qualifications

Bachelor's Degree in Information Technology or a business-related field appropriate to the work of the position AND five years of experience performing specific tasks for digital information and/or incident handling; OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above; OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.

Knowledge of specific operational impacts of cyber security lapses, cyber threats and vulnerabilities. Understand business continuity and disaster recovery continuity of operations plans. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Understanding of risk management processes, secure configuration management techniques, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident categories, incident responses, timelines for responses, intrusion detection methodologies and techniques for detecting host and network-based intrusions.

Skill in preserving evidence integrity according to standard operating procedures or national standards, protecting a network against malware, using security event correlation tools, performing damage assessments, designing incident response for cloud service models, identifying, capturing, containing, and reporting malware, and running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guide (STIG) based tools for benchmark and security configuration reviews.

Ability to identify systemic security issues based on the analysis of signatures and indicators from use cases, design incident response for cloud service models, apply cybersecurity and privacy principles to organizational requirements, conduct audit log analysis, and translate results into evaluative conclusions.

As an authorized and privileged user of Department of Defense Information Systems, the incumbent must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8570.01-M) as a condition of access within six months of employment. This position has been determined to be a cyber security incident responder position at IAT level 3.

This position has been determined to be Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/Tier 3) Secret Clearance to access classified information.

Eligible for incremental telework as determined by MR/MF policy.

Additional information

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review:

As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.

CONDITION OF EMPLOYMENT: Per E.O. 14043, selectee(s) must be fully vaccinated for COVID-19 by 11/22/2021 or the date of employment (whichever comes later), except in limited circumstances where an exemption is approved due to a disability or sincerely held religious beliefs.

Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.

Required Documents:

*Education/certification certificate(s), if applicable.

*If prior military, DD214 Member Copy

This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.

Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card.