Cybersecurity Supervisor #5313
Cybersecurity Supervisor #5313
Pay Band: $114,302 - $171,446
Remote Work Status: Remote / FLSA Status: Exempt
Posting Date Range: 1/11/2023-1/25/2023
This vacancy announcement closes at 7pm EST. Late applications will not be accepted.
Cybersecurity Operations Branch - Cyber Security Operations Center (CSOC)
Examples of Work:
- Manage configuration and optimization of cyber defense tools
- Manage characterization and analyzation of network traffic to identify anomalous activity and potential threats to network resources
- Provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
- Manage team administration of updating defense tools’ rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists, etc.) for specialized cyber defense applications
- Validate cybersecurity-enabled products or other compensating security control technologies meet or exceed service level agreements (SLAs) relating to acceptable risk levels
- Provide team leadership of analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
- Manage triaging of cyber defense incidents, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Ensure quality of cyber defense trend analysis and reporting
- Plan and recommend modifications or adjustments to technical platform, processes, environment, etc., based on cybersecurity capability assessments (Blue Team, Read Team, audits, etc.)
- Finalize and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies
- Manage team collection of intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
- Appropriate and oversee external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
Knowledge, Skills and Abilities:
- Knowledge of cybersecurity and privacy principles
- Knowledge of cyber threats and vulnerabilities
- Knowledge of authentication, authorization, and access control methods
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
- Knowledge of incident categories, incident responses, and timelines for responses
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
- Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations
- Knowledge of adversarial tactics, techniques, and procedures
- Knowledge of collection management processes, capabilities, and limitations
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
- Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Knowledge of encryption methodologies
- Knowledge of signature implementation impact for viruses, malware, and attacks
- Knowledge of cloud service models and how those models can limit incident response
- Knowledge of malware analysis concepts and methodologies
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
- Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
- Knowledge of penetration testing principles, tools, and techniques
- Knowledge of intrusion detection and prevention system tools and applications
- Knowledge of common adversary capabilities, tactics, techniques, and procedures in assigned area of responsibility
- Knowledge of general attack stages
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- Skill in preserving evidence integrity according to standard operating procedures or national standards
- Skill in using incident handling methodologies
- Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution
- Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Skill in conducting investigations and developing comprehensive reports
- Skill in evaluating the adequacy of security designs
- Skill in tuning sensors
- Skill in using protocol analyzers
- Skill in collecting data from a variety of cyber defense resources
- Skill in securing network communications
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ability to design incident response for cloud service models
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute
This is professional and managerial work planning and managing the work of a small Cybersecurity team. Work may include supervising a combination of technical, professional and/or contract staff. Work also involves project management, providing input to the team’s budget, providing forecasts, cost/benefit analysis and technical recommendations to senior management. This position is a managerial position under the direction of a Branch Manager and supports oversight and coordination of the cybersecurity program.
Examples of Work
Supervises team staff by providing direction, setting priorities, assisting with problem resolution, reviewing and evaluating work, counseling staff, and conducting performance reviews. Establishes team goals, assigns team leaders, and administratively and technically directs the work of staff. Conducts annual reviews, assigning performance ratings, recommending awards, arranging training, and managing performance improvement plans. Identifies team training needs and conveys training recommendations to upper management. Develops team work plans and assigns projects, tasks, resources, deadlines and priorities to staff; monitors work progress, adjusts project schedules and updates status of work on a regular basis to the appropriate Branch Manager. Confers with other sections, divisions, departments, and vendors to gather and disseminate information; represents the SAA organization in discussions of projects; participates in organizational decision-making. Facilitates the creation and modification of all cybersecurity compliance policies and processes applicable to the Supervisor’s team. Maintains a cybersecurity framework for conducting team services and/or operations to periodically assess the regulatory, commercial, organizational, inherent and residual level of compliance and risks. Identifies and resolves any issue of noncompliance with governing standards and frameworks applicable to the team.
Work requires a Bachelor’s Degree in computer science, telecommunications, or a related technical field, and seven to nine years of experience within a Certified Information Systems Security Professional (CISSP)-type environment, with at least two years of work in a supervisory capacity; or any equivalent combination of education and experience that provides the following knowledge, skills and abilities:
- Knowledge of laws, regulations, policies, and ethics as they relate to the cybersecurity area of expertise.
- Knowledge of current and emerging technologies and/or tools utilized in area of assigned cybersecurity discipline.
- Knowledge of cybersecurity concepts required.
- Skill in making processes more efficient.
- Ability to plan, supervise, assign and review the work of a combination of professional, technical and/or contract staff.
- Ability to apply critical thinking skills to identify strengths, weaknesses, alternative solutions, conclusions and approaches to problems.
- Ability to set goals, plans, and monitor projects.
- Ability to maintain proper documentation, relevant records and archives in an orderly, transparent fashion.
- Ability to display good judgment, work with a sense of urgency and demonstrate a commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
- Ability to work well with a diverse client base.
- Ability to work in a heavily regulated and/or audited environment.
- Ability to communicate effectively, both orally and in writing.
Physical Demands and Working Environment
Work requires extended periods of confined sitting and hand-eye coordination working with computers. Expected to work unusual and perhaps unexpected hours during a Continuity of Operations.
Licenses, Certification and Other Requirements
This position requires that the applicant obtain and maintain an applicable U.S. Government security clearance. Applicants must be U.S. citizens in order for the SAA to submit your application for a security clearance. For education requirements please see Minimum Qualifications.
Conditions of Employment
To be employed by a Senate employing office in a paid position in the continental United States an individual must:
1. Be a U.S. citizen;
2. Be lawfully admitted for permanent residence and seeking citizenship as outlined in 8 U.S.C. § 1324b(a)(3)(B);
3. Be (i) admitted as a refugee under 8 U.S.C. § 1157 or granted asylum under 8 U.S.C. § 1158 and (ii) have filed a declaration of intention to become a lawful permanent resident and then a citizen when eligible; or
4. Owe allegiance to the U.S. (i.e., qualify as a non-citizen U.S. national under federal law).
Employment is contingent on background / security investigation results.
The SAA provides a highly competitive benefits package for all SAA staff. Our benefits extend beyond health care coverage to help provide employees with student loan reimbursement, professional development, transportation subsidy, TSP/retirement savings, access to our Employee Assistance Program, and more! For more information regarding SAA’s benefits, please visit https://sen.gov/OPPW
VOLUNTARY SELF-IDENTIFICATION FOR VETERANS' PREFERENCE
If you are identifying as veterans' preference eligible under the VEOA, please use this link [saa.csod.com]to complete your application for Veterans' Preference AFTER you apply for this position. The link will also be available on the "Thank You" page after you have submitted your job application.
Candidates only need to apply one time for veterans’ preference to be considered for all future veterans’ preference positions within the Senate Sergeant at Arms.
- All supporting documents must ONLY be provided within the Veterans’ Preference Application and within the stated deadline of the job announcement.
- Late applications for veterans’ preference will not be considered.
- Documentation to obtain veterans’ preference will not be considered if attached to the job application.
- If you need to revise or resubmit your Application for Veterans' Preference/documents, please withdraw your previous Application for Veterans' Preference and resubmit. If you require assistance, please email firstname.lastname@example.org.
- To view additional information regarding the VEOA, please click here [senate.gov].
An applicant who declines to self-identify as a disabled veteran and/or to provide information and documentation regarding his/her disabled veteran’s status will not be subjected to an adverse employment action, but the individual may be ruled ineligible for veterans’ preference.