Security Operations Center, Team Lead

Security Operations Center (SOC) Team Lead - Remote

Schedule: 7:00 am - 3:30 pm ET (Monday - Friday)

Preferred locations: McLean, Virginia or Indianapolis, Indiana, but we are open to remote candidates.

About The Role

The SOC Team Lead will be an entry-level leadership position where you will not only help mitigate our clients’ risk of attack, but you will also contain and communicate threats and alerts that may penetrate their defenses. You’ll provide subject matter expertise on cyber threats, evaluate and report on network traffic and system logs, and assist in Incident Detection and Response.

The SOC Team Lead will monitor and co-address host-based and network-based forensic investigations after correlating events from the analyst console tool as part of our monitoring service. You will use static and dynamic malware analysis to repeatedly identify detectable indicators of compromise and work with the team to develop countermeasures. Join us in our quest to reduce the risk of breaches to our clients and defend them when it’s needed!

Reports to the SOC Manager to assist in leading your designated shift and personnel on day-to-day activities. Which may include personnel updates, mentoring staff, escalations and any other tasks assigned.

Due to our contracts, you must be a US citizen.

Responsibilities:

• Manage the shift schedule for your respective team
• Consistently review and refine Playbooks, Process, and Alert reviews to identify areas of improvement
• Act as an escalation point and provide leadership, mentorship, and guidance to SOC Analysts I, II, and III
• Assist with advanced threat hunting, looking for attacker presence in client environments
• Perform quarterly reviews of team’s progress and ensure they are meeting performance goals and progressing in their careers
• Identify and confirm attack vectors, threat tactics, and attacker techniques

Technologies & Certifications

• Advanced knowledge of IDS / IPS tools and applications
• Service discovery tools such as Nmap
• Experience with system or network administration (Unix / Linux preferred)
• Reverse engineering malware and host-based analysis / detection
• Event analysis, correlation, reporting, and alerting
• GCIH, GCFA, CISSP or equivalent certification/experience preferred
• Packet Capture (PCAP) analysis using Wireshark
• Familiarity with commercial or open-source log or SIEM solutions
• Demonstrated experience with 2 or 3 of the following:
• Experience and knowledge of information security, IPv4/v6 networks, network devices, proxies, and monitoring tool

Knowledge and Skills

• Capacity for Synthesis: communicating technical problems, vulnerabilities, and risk into a business context that the client can understand.
• Problem Solving: ability to identify problems, determine cause and effect, and propose solutions using new/innovative approaches.
• Skilled in recognizing and analyzing malware, reverse engineering a plus, and exercising best judgment when the response is not well-defined.
• Applied Technical Thinking: ability to apply specialized, theoretical knowledge to efficient operational use cases.
• Sense of Urgency: balancing urgency with intensity and focus.
• Results Driven: prioritizing achievement of results over other needs, by investing the necessary resources & making necessary efforts to meet goals.
• Flexibility: work in an evolving, fast paced, and dynamic environment.
• Skilled in evaluating information for reliability, validity, and securing network communications.
• Analytical Thinking: breaking down a problem/situation, verifying all pertinent facts and drawing an appropriate conclusion.
• Experience leading and managing small operational teams a plus
• Experience with social engineering exercises and campaigns.
• Knowledge of incident response and best practices.
• 5+ years of Cyber Security Operations experience

If you have other combinations of relevant skills and experience that you expect make you the right candidate for this role, please let us know

Who we are:

At Pondurance we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great!

Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path. We have accessible leaders as Mentors who believe “None of us are as smart as all of us” (R. Pelletier).

We believe everyone has the freedom to be themselves, especially at work and so we embrace, support, and celebrate each other. Each one of us influences our company’s direction through speaking up, you have a voice and we want you to use it.

Do you want to be a part of something different? Do you want to influence real change? Do you want to be part of the solution? Then join us in redefining the security and cyber risk landscape.

What We Offer:

The opportunity to apply your expertise, take on new challenges, and help customers address their biggest security objectives.

An inclusive culture of teamwork that embraces the diversity of our people and communities in which we work.

Some of the corporate benefits (there are more) for full-time employees include:

• Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan.
• Money: We provide competitive compensation packages based on the market and your overall credentials.
• Time off: PTO, sick, holiday, & parental leave details are available

To promote a healthy and safe work community we require background and drug screenings as part of our hiring process. Details of our process will be provided upon request.

We are an equal opportunity employer focused on celebrating diversity and inclusion. We believe that each individual should be treated equally without regard to race, color, identity, national origin, protected veteran status, religion, sex including sexual orientation and gender identity, disability, or any other characteristic protected by law.