General Dynamics - Colorado Springs, CO
posted 4 months ago
The Security Operations Center (SOC) Analyst Lead plays a critical role in the cybersecurity landscape, particularly within the Department of Defense (DoD). This position is primarily responsible for leading a team that develops, implements, and evaluates the SOC's capabilities to provide comprehensive Computer Network Defense and Response support. The SOC operates 24/7/365, monitoring and analyzing potential threat activity targeting the enterprise. The Lead SOC Analyst will oversee the monitoring of the organization's network and devices for security breaches, ensuring that the team maintains effective software tools such as log management systems, while also researching the latest security trends. This role involves conducting security assessments and compliance reviews of SOC operations, as well as assisting with the maintenance of Security Policy and Procedures and training all SOC personnel. The ideal candidate will possess a solid understanding of cyber threats and information security, particularly in the domains of tactics, techniques, and procedures (TTPs), threat actors, campaigns, and observables. Familiarity with intrusion detection systems, security information and event management (SIEM) platforms, endpoint threat detection tools, and security operations ticket management is essential. The SOC Analyst Lead will support activities within Special Access Programs (SAPs) for various DoD agencies, including HQ Air Force and the Office of the Secretary of Defense (OSD). This position will provide day-to-day support for Collateral, Sensitive Compartmented Information (SCI), and SAP activities, ensuring that the SOC operates effectively and efficiently. Performance expectations for this role include strong analytical and technical skills in computer network defense operations, the ability to lead incident handling efforts, and expertise in malware analysis.
The Lead Analyst will be responsible for analyzing IT security events to differentiate legitimate security incidents from non-incidents, implementing countermeasures, and conducting incident response. The candidate must have extensive hands-on experience with Security Information and Event Management (SIEM) platforms and log management systems, as well as a strong understanding of various operating systems and network communication protocols. Additionally, the Lead Analyst will prepare and maintain security documentation, develop SOC processes and procedures, and communicate the business risks associated with cybersecurity issues effectively.