Security Operations Manager

ECS is seeking a Security Operations Manager to work remotely . Please Note: This position is contingent upon contract award. ECS is seeking an experienced Security Operations Manager to work remotely providing Cyber Security operations support for NIH NIAID Enabling and Advancing Technologies (NEAT). This engagement provides a spectrum of management, technologies development, applications/software engineering, bioinformatics support, and professional development. Please Note: This position is contingent upon contract win. The Security Operations Manager will be the single POC providing ongoing status and progress to the NIAID CO and COR. In this role, you will be responsible for cyber security incident resolution, monitoring of NIAID systems and components to detect potential threats, and project management and engineering support for the improvement and automation of security operation tools and processes. Requirements/Duties: Cybersecurity incident resolution including investigation and response to minimize the impact or likelihood of incidents; Monitoring of NIAID systems and components to detect potential threats; and Project management and engineering support for the improvement and automation of security operations tools and processes. Project support for projects to improve and automate security operations capabilities including developing solutions and options for project milestones, developing project plans in a task and completion tracking tool such as Jira, and reporting on progress in real-time using an IT Service Management tool such as ServiceNow. Respond to and resolve security and privacy incidents and coordinate with the NIH Threat Management and Incident Response (TMIR) team and privacy coordinators according to NIH or Federal format and timelines. Advise and assist with SOC architecture activities, for all SOC information systems initiatives supporting all SOC tools and capabilities. Salary Range: $150,000 – $190,000 General Description of Benefits Qualifications Bachelor’s degree in Cybersecurity, Computer Science, or related field. Active Public Trust or higher security clearance. Minimum of 10 years of experience in cybersecurity. 15 years’ experience in cybersecurity preferred. 8+ years’ experience leading and delivering in security operations programs and incident management for comparably sized federal agencies and security programs. Shall have at least one of the following industry-recognized certifications: Certified Information System Security Professional (CISSP) Global Information Assurance Certification (GIAC) Certified Enterprise Defender (GCED) GIAC Certified Incident Handler (GCIH) Certified Network Defender (CND) Systems Security Certified Practitioner (SSCP) Proven ability to consistently understand threats, evaluate the impact of potential incidents, and recommend risk reduction techniques based on a knowledge of different operation threat environments, general attack stages, incident categories, cyber defense tool data collection, and playbooks for resolving common incidents. Demonstrated expertise in analyzing and providing clear and concise risk reports, dashboards, and other visualizations to federal risk executives, system operators, and system stakeholders. Knowledge of and experience overseeing the administration and configuration of workstation and infrastructure security tools including but not limited to: Anti-malware/Anti-virus software, Data Loss Prevention software, endpoint detection and response (EDR), vulnerability assessment tools, asset discovery and management software, SIEM, Cloud Access Security Broker (CASB). Knowledge of and experience supporting enterprise-wide penetration testing remediation to comply with agency remediation standards in a federated model like NIH. Documented experience in monitoring an enterprise-wide environment including cloud-based systems for potential security incidents and in all steps to resolve incidents to minimize the impact and likelihood to operations. Experience with establishing and enhancing security operations capabilities and proactively identifying potential risks that may lead to an incident including coordination with multi-contractor teams and across agency groups. Experience in setting up, administering, and enhancing cybersecurity tools and security operations processes to reduce alerting on false positives, to proactively identify configurations that may lead to a potential incident, and to automate incident resolution playbooks. Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]); general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.); incident categories, incident responses, and timelines for responses; as well as penetration testing techniques and tools. Reside within the Washington DC Metro area. Travel within the Washington DC Metro Area, and CONUS as needed.