Secret Sr Cyber Defense Lead

Pay: $70hr - $80hr
Conversion Salary: $150,000 - $160,000

Insight Global is Seeking a Seeking a Sr. Cyber Defense Lead. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Operations Centers (SOC), Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation.


Responsibilities:

- Establish an Enterprise Cyber Defense Policy to standardize cyber defense practices for PEO Enterprise programs
- Implement and lead a centralized cyber defense team
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy
- Provide daily summary reports of network events and activity relevant to cyber defense practices
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Identify applications and operating systems of a network device based on network traffic
- Skill in detecting host and network-based intrusions via intrusion detection technologies
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
- Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
- Provide cybersecurity related strategic leadership support
- Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
- Examine network topologies to understand data flows through the network

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills:

- A Secret clearance will be required to maintain this position
- Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
- At least 5 years of hands-on experience leading a Cybersecurity leading a team in SOC, SIEM, or SOAR
- Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)
- Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of host/network access control mechanisms (e.g., access control list)
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of penetration testing principles, tools, and techniques
- Knowledge of defense-in-depth principles and network security architecture
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
- Demonstrated ability to create and present executive level briefings

Preferred Qualifications:

- Understanding of the MITRE ATT&CK framework
- Knowledge of authentication, authorization, and access control methods
- Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities)
- Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES])
- Experience with Army policies, regulations, and processes preferred

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.