Cyber Security Incident & Response Manager

Advance your career while impacting our national security in cyber as a Cybersecurity Manager at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.

As a Cybersecurity Manager, the work you'll do at GDIT will be impactful to the mission of US Battlefield Information Collection and Exploitation System eXtended (US BICES/-X). You will play a crucial role in managing the Cyber Detect Incident & Response team. You will provide line management, leadership and strategic direction for the team and liaise closely with other managers. In addition, this role identifies potential security risks, recommends mitigation measures and implements remediation measures.

Responsibilities:

• Monitor system health using government provided tools on a 24x7x365 basis
• Monitor security tools and controls.
• Support security updates, configurations and integration of new tools in response to the evolving threat landscape.
• Maintain situational awareness in the intelligence driven landscape and respond to reporting from a DCO perspective.
• Oversee operational incident management and recommend enhancements to the customer's monitoring suite of solutions, including working with service owners to ensure proper monitoring procedures are in place and necessary adjustments are made.
• Track and monitor the health of the capability delivery services to include Scheduled and Emergency Maintenances.
• Assist the government with incorporating detection mechanisms for unauthorized, security related configuration changes.
• Manage all incident response and monitoring systems in terms of Operations-Based, Ticket & Alert-Driven mindset.
• Assist the government in developing, maintaining, and updating catalog of standard operating and response procedures and protocols.
• Ensure Knowledge Base Articles are available for technicians to use.
• Gather and analyze metrics to benchmark the Operations Center workload/performance and identify security trends and issues.
• Provide productivity, service level, and key performance metrics in support of business objectives.
• Continuously review reporting requirements and current data collection methods to ensure efficiency. Work with teams to collaborate in the most efficient way to report and retrieve data.
• Experience driving discussions with senior government personnel regarding trade-offs, best practices, project management and risk mitigation.
• Demonstrated ability to collaborate with stakeholders and business owners to provide guidance and recommendations on improving IT infrastructure.
• A proactive approach to identifying issues and problems, areas for improvement, and performance bottlenecks along with an ability to offer and implement solutions to address these.
• Experience creating dashboards to track service health that appeal to both technical and non-technical audiences preferably with Splunk.
• Monitor CVA activity in real time and direct/coordinate activities as appropriate.
• Participate in joint exercises spanning teams across the globe to develop/refine IR TTPs.
• Excellent written and verbal communication skills, with a strong attention to detail and superior ability for problem solving.
• Skilled at directing a small team and executing responsibilities with minimal supervisor interaction.

Required Qualifications:

• 10+ years of experience.
• BA/BS or the equivalent combination of education, technical training, or work/military experience.
• Must meet DOD 8750 requirements and be eligible for IAT level III & CSSP Incident Response upon hire for positions with elevated privileges and must obtain ITIL V4 Foundation within six months of hire. Additional specific certifications may be required, depending on job assignment.
• Must possess and maintain a Top Secret/SCI Security Clearance.
• Ability to work in a team-oriented, collaborative environment.
• Ability to work efficiently in a fast-paced environment and multi-task while still ensuring high quality of work.
• Highly organized with strong ability to prioritize work and work autonomously.
• Excellent verbal and written communication skills.
• Great attention to detail and presentation.
• Results driven, highly efficient, energetic, and highly motivated.
• Must possess a high degree of intelligence, competence, maturity, adaptability, resilience, integrity, and initiative.
• The work is typically performed at client site locations, which requires proper safety precautions; work may require some physical effort in the handling of light materials, boxes, or equipment.

Preferred Qualifications:

• CISSP certification.
• Cyber Security Service Provider Management experience.
• Experience with SIEM - SPLUNK, KIBANA.
• Knowledge of Virtualization technologies: VMWare, Citrix, and Microsoft
• Familiarity of concepts such as DevSecOps, Infrastructure as Code, Software Defined Data Center, Continuous Deployment, and Continuous Integration desired.
• Knowledge of Network level: WAN and LAN connectivity, routers, firewalls, security internal systems, cloud and network infrastructure.
• Experience with firewalls and firewall rule sets.

Work Requirements