Cybersecurity Operations Task Lead

Job Location: US-MD-Bethesda
ID: 2024-3377
Category: Information Technology
Type: Full Time

Overview

Edgewater Federal Solutions is currently seeking a Cybersecurity Operations Task Lead to provide cybersecurity operations leadership, management, and support to the Cybersecurity Operations (CSO) Division comprised of Cyber Threat Intelligence (CTI), Cyber Threat Hunt (CTH), Red Team (RT), Detection Engineering (DET), 24x7x365 Cyber Security Operations Center (CSOC), Fusion Incident Response (IR), and Forensics specialists for Edgewater Federal government contracts.

Responsibilities

  • Provide overall technical expertise and oversight, leadership, management, work assignment, organization, and administrative duties for a combined team of 30 cyber security specialists specializing in CTI, CTH, RT, DET, CSOC, Fusion IR, and Forensics, that together comprise the CSO Division.
  • Provide robust program management planning, oversight, metrics, and reporting for large division and enterprise-wide initiatives, audits, assessments, and capability maturity in various tools including Microsoft SharePoint, Excel, PowerPoint, Power Automate, and Power BI.
  • Ensure the complete, accurate, and timely delivery and/or maintenance of all contract Deliverables and ad hoc work products including threat briefings, artifacts such as strategy documentation, playbooks, incident tickets and reports, after action reports, shift change and daily mitigation reports, chain of custody forms, forensics reports, shift schedules, and select ad hoc reports and executive briefings as required.
  • Ensure the contract team supports the Client’s incident response (IR) capabilities including incident response policy, plan, process, procedures, guidelines for communications, team structure, relationship management between incident response teams, service creation or enhancement with scope definitions, on-going training needs and documentation creation and maintenance.
  • Ensure the contract team provides Tier-1 cybersecurity detection and response operational support to identify and respond to potentially malicious, misuse, abuse, and anomalous activities across the Client’s operating environments, including initial detection, identification, triage, and mitigation of security-related incidents impacting the confidentiality, integrity, and availability of the Client’s network and systems.
  • Ensure the contract team provides Tier-1 cybersecurity detection and response operational support to identify and accurately categorize cyber security incidents, integrate, and utilize other NIH enterprise security capabilities, support threat mitigation techniques and incident response, minimize ticket/incident backlog in NIH ticketing systems, and notify appropriate authorities of incidents and their severity within established timeframes and guidelines.
  • Ensure the contract team provides Tier-2 and Tier-3 IR and cyber fusion operational support including Cyber Threat Intelligence (CTI), Cyber Threat Hunt (CTH), Red Team (RT), Detection Engineering (DET), Fusion Incident Response (IR), and Forensics. This also includes counterintelligence/insider threat support and research and development.
  • Ensure the contract team provides CTI services to the Client including proficient knowledge of the intelligence lifecycle, threat modeling, kill chain, MITRE ATT&CK Framework, etc. This also includes:
    • Providing CTI collection, monitoring, analysis, and reporting, and operational support through expert-level analysis of APTs, indicators of compromise (IOCs), adversary infrastructure, and intelligence gathering.
    • Providing targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks.
    • Ability to formulate and understand intelligence requirements provided by the Client’s intelligence consumers as well as ongoing collaboration with the Vulnerability Management team to address and mitigate vulnerabilities actively leveraged by malicious actors.
  • Ensure the contract team provides CTH services to the Client, including day-to-day cyber threat hunt focused on host-based investigations, deceptive mechanisms, and network forensics to detect and mitigate advanced cyber threats like Advanced Persistent Threats (APTs) and organized crime groups, among others.
  • Ensure the contract team provides Red Team services to the Client, including conducting RT engagements to simulate and emulate tradecraft and techniques employed by adversaries the Client is, or should be, concerned with to ensure policies, tools and team structure are well suited to defend against various adversaries.
  • Ensure the contract team provides Detection Engineering services to the Client including Security Information and Event Management (SIEM) with correlation algorithms for threat detection and automation, detection signatures development, and the ability to develop and integrate with automation and playbook technology such as Security Orchestration Automation and Response (SOAR) platforms.
  • Ensure the contract team provides forensics services to the Client, including host and appliance based, mobile devices, network, cloud, and malware forensics.
  • Ensure the contract team provides Counterintelligence (CI) and Insider Threat (InTh) services to the Client, including internal investigations, law enforcement investigations, and active monitoring.
  • Ensure the contract team provides Research and Development services to the Client, including assessing the Client’s enterprise tools, capabilities, and functions for all Client operating environments and conducting in-depth product and tools research on innovative technologies and techniques. This also includes providing recommendations on emerging innovative security capabilities, technologies, and tools including Security Orchestration Automation and Response (SOAR) and User and Event Behavioral Analytics (UEBA).
  • Proactively enable, coordinate, collaborate, integrate, and recommend on-going improvements for CSO enterprise capabilities and provide guidance to Federal (Client) leadership.

Qualifications

  • 12+ years’ experience performing comprehensive cybersecurity operations, or an equivalent combination of education/training and technical experience in the cybersecurity field.
  • 5+ years’ experience in comprehensive cybersecurity operations leadership and management.
  • Bachelor’s Degree or higher in relevant cybersecurity-related major.
  • Demonstrated expert-level delivery experience and knowledge of CTI concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of CTH concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of RT concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of DET concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of IR and CSOC concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of Forensics concepts, operations, outputs, and maturity levels.
  • Demonstrated expert-level delivery experience and knowledge of ticket management tools and practices; troubleshooting; investigations; computer networking; and operating systems.
  • Demonstrated expert-level technical ability/aptitude, demonstrated through prior technical experience and accomplishment.
  • Demonstrated expert-level client delivery, business development, and proposal development experience.
  • Deep understanding of the risks U.S. Government agencies face and how to use investigative and analytical aptitude to derive solutions that will mitigate these risks and ensure compliance.
  • Deep experience in applying security controls and measures to various technologies and systems.
  • Deep experience with Federal government contracting regulations, policies, and norms.
  • Excellent critical thinking, analytic skills, and experience.
  • Excellent time management skills and experience.
  • Excellent management, teamwork, and interpersonal skills against difficult due dates and timelines.
  • Excellent customer service focus to meet the needs of internal and external customers.
  • Excellent presentation development and delivery skills.
  • Excellent program management, project management, and task tracking skills.
  • Ability to work on occasional weekends and holidays.
  • Ability to pass an HHS Tier-2 security clearance background investigation.

Desired:

  • One or more certifications in information security (such as CISSP, CISM, CompTIA Advanced Security Practitioner, CompTIA Security Analytics Expert, CCTHP, CySA+, Security+, etc.).
  • Project Management Certifications (such as CAPM, PMP, ITIL etc.).
  • Current security clearance.

About Us:

Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other status protected by applicable law.
