Cybersecurity Service Provider (CSSP) Operations Team Lead

Computer World Services Corp

Posted today
Top Secret/SCI
Unspecified
Unspecified
IT - Security
Indianapolis, IN (On-Site/Office)

Job Description

The Cybersecurity Service Provider (CSSP) 24/7 Operations Team Lead serves as the senior subject matter expert (SME) and operational leader responsible for directing continuous cybersecurity monitoring, event analysis, incident response, vulnerability management, and security infrastructure operations across all assigned classified and unclassified enclaves. This role oversees a 24/7/365 cyber operations team and ensures operational compliance with DoD, Defense Cyber Defense Command (DCDC), U.S. Cyber Command, DISA, and Zero Trust cybersecurity requirements.

The Team Lead provides daily supervision of technical staff, leads mission-critical response operations, coordinates with senior Government stakeholders, and ensures the protection, detection, and defense of all Government IT assets in accordance with DoD cybersecurity policy frameworks.

Key Tasks & Responsibilities
    • Operational Leadership
        • Lead, coordinate, and manage the 24/7 cyber operations team responsible for monitoring, detection, triage, and response across all network enclaves.
        • Serve as senior operational authority for active cyber events, incident escalation, and enterprise security actions.
        • Provide daily supervision, scheduling, and direction to CSSP operations staff in support of continuous monitoring requirements.
        • Maintain situational awareness of cyber threats, adversarial activity, and operational risk across the environment.
        • Provide expert-level technical direction, strategic advice, and operational guidance for all CSSP mission areas.
        • Lead operational planning, milestone development, risk assessments, and major technical decisions.
        • Oversee complex or mission-critical cybersecurity programs and ensure all technical requirements are met.
        • Interface with senior Government leadership for incident reporting, operational decisions, and program priorities.
        • Supervise junior staff and mentor technical team members.
    • Continuous Monitoring & Event Analysis
        • Oversee 24/7 security event monitoring, log correlation, anomaly detection, and analysis of alerts.
        • Ensure rapid detection of threats involving malware, unauthorized access, data exfiltration, insider activity, and network exploitation.
        • Utilize SIEM platforms (e.g., ArcSight) and IDS/IPS technologies for real-time analysis.
    • Incident Response & Reporting
        • Act as the central POC for Computer Emergency Response.
        • Lead incident investigations, containment, eradication, and recovery actions.
        • Provide internal and external incident reporting IAW DoD requirements.
        • Support DoD-CERT and JFHQ-DODIN direction during cyber events.
    • Vulnerability & Patch Management
        • Operate and manage enterprise vulnerability scanning platforms (ACAS).
        • Conduct monthly scans, IAVA processing, remediation tracking, and POA&M development.
        • Perform STIG compliance checks and secure baseline validation.
    • Security Infrastructure Support
        • Oversee the operation and maintenance of enterprise security technologies including:
            • IDS/IPS
            • Endpoint Security System (ESS)
            • ACAS
            • Network perimeter defense tools
            • Traffic monitoring and forensic systems
            • Penetration testing solutions
            • SIEM tools
        • Ensure performance, tuning, and configuration are optimized and aligned with Zero Trust architecture.
    • Security Audits & Compliance
        • Perform audits on servers, workstations, network devices, and enclave infrastructure.
        • Ensure compliance with:
            • DoDI 8500.01 (Cybersecurity)
            • DoDI 8510.01 (RMF)
            • DoDD 8140.01
            • DISA STIGs
            • IAVA requirements
            • CJCSM 6510.01
            • JFHQ-DODIN and U.S. Cyber Command directives
        • Conduct Security Readiness Reviews (SRRs) and validate secure configurations.
    • Cybersecurity Program Execution
        • Support the development and execution of a Cybersecurity Compliance Plan ensuring confidentiality, integrity, and availability (CIA) of Government systems.
        • Participate in continuous monitoring and scoring programs including CMRS, Cyber Threat Score, Cyber Top 10, etc.
    • Documentation & Reporting
        • Develop and maintain:
            • POA&Ms
            • AORs
            • Security Override Letters
            • Operational reports
            • Incident summaries
            • Vulnerability analysis reports
        • Ensure timely reporting and corrective action planning for all non-compliance findings.
    • Change Control & Configuration Management
        • Enforce strict change control procedures to prevent unauthorized system, network, and application changes.
        • Ensure compliance with DoD-approved ports, protocols, and services (PPS) configurations.
    • Emerging Technology & Continuous Improvement
        • Evaluate emerging technologies and recommend improvements to operational processes, monitoring capabilities, and threat detection techniques.
        • Develop advanced operating procedures, troubleshooting guides, installation guides, and security documentation.
    • Functional Areas Supported
        • The CSSP 24/7 Operations Team Lead oversees or contributes to the following functions:
            • Security Infrastructure Support Services
            • Security Event Monitoring & Analysis
            • Cybersecurity Incident Response
            • Audit Support & Compliance Guidance
            • Security Analysis & Reporting
            • Cybersecurity Policy Review
            • Information Assurance Vulnerability Management
            • Mission Cloud & On-Premises Security Operations
            • Emerging Technology & Process Improvement
            • Cyber Program Operations & Planning
    • Desired Skills & Competencies
        • Expert understanding of DoD cyber defense, enterprise security tools, and mission operations.
        • Demonstrated ability to lead high-tempo cyber operations teams in a 24/7 environment.
        • Strong communication skills to interface with senior Government leadership.
        • Ability to balance mission urgency with compliance and structured processes.
        • Advanced knowledge of SIEM, IDS/IPS, ESS, ACAS, STIGs, Zero Trust, and enterprise security architecture.


Education & Experience
    • Minimum Education
        • Bachelor's degree in a related field.
        • Graduate-level degree preferred.
        • Equivalent experience and industry certifications may substitute for formal education.
    • Minimum General Experience
        • Ten (10) years of experience in Information Technology.
        • At least eight (8) years of experience as a Security Administrator or in a similar technical role, or a closely related IT discipline involving oversight of large, complex, multi-site programs.


Certifications
    • CISSP or equivalent required
    • Information Assurance Technical (IAT) II required
    • Computing Environment (CE) certification relevant to Microsoft, Linux, Cloud, or other privileged access technologies (required)
    • ITIL required
    • Must maintain all mandatory certifications


Security Clearance
    • Must be a U.S. Citizen.
    • Selective Service registration required (if applicable).
    • Top Secret Security Clearance required
    • Must maintain fitness and eligibility for national security positions


Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
    • Onsite at customer location


Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources at [email protected] .

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.