Top Secret
IT - Security
(On-Site/Office)
Marathon TS is currently looking for a Cyber Ops Specialist Tier III who will:
• Document the flow of data and identify multiple distinct data sources where suspicious behavior can be identified - must also be able to identify supplemental sources where similar data may be found.
• Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation.
• Review existing security events and lead in the development of refinements as necessary.
• Participate in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.
• Respond to security requests from customers.
• Handle ad-hoc requests from leadership.
Required Qualifications
*Note: Presence on-site is mandatory for two days per week, either in Washington, DC, or Manassas, VA.
• Subject Matter Expert (SME) on two (2) or more of the following: Log Analysis/Event Detection, Malware Analysis, Cloud Security, Network Access Control, Security Automation, Incident Response, Detection Engineering, Cyber Threat Hunting
• Coordinate incident response with security operations staff and serve as incident response or hunt lead.
• Ability to develop and document a hunt plan and the capability to develop standardized detection mechanisms based on the hunt plan.
• Ability to work with staff to develop a vision and independently lead the implementation of new capabilities.
• Ability to lead in the development and performance of quality control checks for cybersecurity operations.
• Ability to lead in the development and performance of operational metrics for cybersecurity operations.
• Ability to lead in the development and performance of project management for cybersecurity operations.
• Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation.
• Ability to identify new data sources for determination of security events:
  • Analyze raw data sources to extract, institutionalize, and document actionable events.
  • Review existing security events and propose refinements, automation, and/or broader handling capabilities as appropriate.
• Ability to communicate the current status of security:
  • Identify and report on metrics related to the operations of the team.
  • Identify and report on project status related to augmenting detection ability.
• Ability to work with security tools that emulate adversary-like actions and personnel to develop, document, and test detection mechanisms and to close the loop by working with the applicable teams to improve security by resolving findings.
• Ability to develop detailed multi-month and resourced project plans providing timely updates.
• Work with executive management to determine acceptable levels of risk for the enterprise.
• Ability to lead in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.
• Interact with other stakeholders in the community for troubleshooting, content development, etc. This interaction could include other members of cybersecurity, the networking team, systems administrators, technology support partners, etc.
• Ability to handle quality assurance on events and escalations, including performing triage and root cause analysis on security events.
• Ability to support incident response and hunt activities - from performing active analysis, to developing and documenting additional detections, to developing an after-action plan and tracking its implementation.
• Ability to contribute to cybersecurity project plans providing timely updates.
• Ability to communicate the status of security operations, to include developing, executing, documenting, and training repeatable organizational metrics.
• Ability to determine gaps in current capabilities, evaluate new settings and technologies, and recommend improvements to remediate those gaps - at both a technical and process level.
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
#CJJOBS