Job Description
As a Security Operations Center (SOC) Manager, you will be responsible for developing and executing SOC strategy and overseeing a team of Junior-Senior SOC Analysts supporting a global implementation of Microsoft UC (Skype for Business).
The SOC team will perform incident monitoring, threat detection, analysis, and handling, including coordination of response across multiple commercial and government Cyber Defense Teams. Your team will monitor information security systems and analyze alarms or events for potential threats and intrusions, categorize alarms and events, and notify proper channels as required for all security incidents.
As part of daily operations, your team will generate and submit security incident tickets and reports, analyze and assess real or suspected incidents that are reported from internal and external sources.
In this role, you will be responsible for the following:
* Oversee the team(s) performing Security Incident Management aligned with NIST, DoD or DHS standards
* Oversight, monitoring and tuning of security systems, including the following: Intrusion Detection & Prevention Systems; Endpoint Security Systems; Security Information and Event Management Systems; Web Proxy Systems; Log Management Systems; Firewall Systems; Full Packet Capture Systems; Data Loss Prevention Systems; Object Level Auditing Systems; Endpoint Forensics; Wireless LAN Monitoring Systems; Database Security Monitoring; Compliance & Threat Modeling Systems
* Develop and maintain security policies, procedures, Run Book and Incident Management Plan
* Manage consistent daily, weekly and event-based reporting, and manage the knowledge base for sharing and transfer of experience
* Perform gap analysis and provide strategic and tactical recommendations on security issues; scale systems to account for new threats or devices, and evaluate and contribute to the security posture of the organization
* Review vulnerabilities and track resolution
* Review and process threat intel reports
* Manage and supervise technical staff working a 24x7 rotation. Provide, administer, track, and oversee technical training of staff
* Must be able to work effectively in a team and supervise that team. Must be able to meet deadlines, manage time effectively, juggle multiple issues and projects, etc.
* Must be able to handle end-to-end security events including detection, coordination, communication, response, and remediation
* Report to internal and customer management to collaborate for new initiatives and technical planning
* Design, implement, manage and enforce SOPs for clients and internal use
* Serve as an escalation point of contact when needed
* This position requires the ability to work shifts on a 24x7x365 schedule, including on-call.
* Provide system-related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
* Participate in the development or modification of the computer environment IA security program plans and requirements.
* Develop procedures to ensure system users are aware of their IA responsibilities before granting access to DoD information systems.
* Supervise or manage protective or corrective measures when an IA incident or vulnerability is discovered.
* Ensure that system security configuration guidelines are followed.
* Ensure that IA requirements are integrated into the Continuity of Operations Plan (COOP) for that system or DoD Component.
* Ensure that IA security requirements are appropriately identified in computer environment operation procedures.
* Ensure that IA inspections, tests, and reviews are coordinated for the CE.
* Participate in an IS risk assessment during the Certification and Accreditation process.
* Notify the account manager/ISSM/ISSO when accounts are no longer required, when users are terminated or transferred, or when individual UC SCSS usage or need-to-know changes
* Comply with the security requirements set forth in the Security Plan and applicable directives for the safe and secure operation of the UC platform as outlined in the Acceptable Use Policy
* Have the requisite training to operate the UC platform, complete IA Training, and review and sign the Acceptable Use Policy
* Maintain positive physical control of the UC platform components within their areas of responsibility
* Ensure no information higher than the approved program classification level is processed by the UC platform
* Handle and secure the UC platform data according to the appropriate classification level
* Safeguard the UC platform from unauthorized transmissions of data (such as sending data without encryption), tampering with the UC platform hardware, or manipulation of the resident and application software
* Report to the ISSM/ISSO or Program Manager any attempt to gain unauthorized access to Unclassified, Sensitive defense information, any failure, or any suspected defect which could lead to unauthorized disclosure of Unclassified, Sensitive information
* Report suspected (or actual) security violations or practices dangerous to security to the ISSM/ISSO or security manager
* Review the Access Control policy
* Maintain an understanding of Information Assurance (IA) policies, current Cybersecurity threats, and incident response reporting procedures to ensure the assets and the information processed are protected from any actions which could jeopardize the UC platform's ability to function effectively and securely
* Immediately notify ISSM/ISSO personnel if you suspect your passwords or token cards have been compromised
* Take DoD insider threat awareness training annually to recognize and report insider threats
* Report all potential or malicious incidents immediately to the ISSM/ISSO. If none of the aforementioned are available, contact US-CERT (formerly CONUS and South RCERT) immediately
* Review the Media Protection Policy
* Mark and label ALL UC media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information
* Review the physical security plan
* Review the Security Assessment and Authorization policy 1.10.8
Knowledge, Skills, and Abilities
* Proven leader with strong skills for building Client relationships with excellent oral and written communication skills
* Ability to operate a team using ITIL service management standards, including managing a catalog of services and measuring performance
* Past and current demonstrable ability leading, supervising and managing a team
* Past and current demonstrable ability to persuade and lead a team and customers
* Past and current demonstrable ability to resolve conflicts and situations
* Excellent organization skills and time management practices
* Past and current demonstrable ability to design and enhance security systems, processes and procedures to increase efficiency and results
* Past and current continuous self-education in multiple personal and professional endeavors
* Candidates must be able to work on-site in San Antonio, TX
* Authorized to work in the US without sponsorship now or in the future
Certifications and Experience
* 5-8 years of IT security work
* 5+ years of related experience in a SOC Management capacity
* Relevant industry certifications are required, including, but not limited to, CISSP
* Years' experience with Splunk
* Hold at least a US Secret Clearance
* Hold Security + Certification
* Meet IAM I Certification requirements
* Bachelor's degree in Cybersecurity or related field or equivalent experience
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V
Job ID 1924706 Date posted 06/21/2019
About AT&T
AT&T is a provider of telecommunications, media, entertainment, and technology services for consumers, content creators, distributors, and advertisers.