Posted today
Secret
Mid Level Career (5+ yrs experience)
Unspecified
Occasional travel
IT - Security
Honolulu, HI (On-Site/Office)
BreakPoint Labs is seeking a Battle Watch Captain to serve as the focal point for 24/7/365 network monitoring and cyber defense coordination within a Cybersecurity Service Provider (CSSP) environment. This leadership role provides mentorship to Tier 2 analysts to ensure continuous and effective monitoring of subscriber networks and swift response to cyber threats.
The Battle Watch Captain is responsible for maintaining operational effectiveness by assigning tasks, monitoring performance, and ensuring adherence to established analytical frameworks, organizational policies, and industry standards. The Battle Watch Captain acts as a crucial liaison for external communications, facilitating coordination between other internal CSSP teams, subscribers, USCYBERCOM, DCDC, and peer CSSPs, playing a pivotal role in protecting subscriber networks and maintaining the security posture of system infrastructure.
Responsibilities include:
- Guide incident response (IR)/investigation processes during campaigns, ensuring tasks are completed, vetted, and properly documented.
- Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting.
- Analyze and respond to validated security incidents, determining severity and impact per CJCSM 6510.01B.
- Conduct log correlation analysis using applicable tools to identify patterns in network and system activity.
- Perform network and host-based digital forensics on Windows and other operating systems as needed.
- Support IDS/IPS signature development and implementation, under guidance.
- Maintain an in-depth understanding of security concepts, protocols, processes, architectures, and tools.
- Conduct ticket reviews and indicator/analysis quality control.
- Ensure proper turnover of tasks and findings within the verbal turnover and the shift roll-up tab of the campaign documentation.
- Compile and maintain internal Standard Operating Procedure (SOP) documentation, ensuring compliance with CJCSM 6510.01B, and other directives.
- Provide mentorship to Tier 2 analysts to improve triage efficacy.
- Overtime may be required to support incident response actions (surge).
- Up to 10% travel may be required.
Required Experience:
- 2+ years of experience leading or managing incident response cases
- Comprehensive knowledge of CJCSM 6510.01B
- Expert knowledge of Incident Response procedures and coordinating response actions
- Expertise in IDS/IPS solutions, including signature development and optimization
- Experience with Digital Forensics across multiple operating systems
- Demonstrated expert-level knowledge of Incident Response Procedures
- Advanced proficiency with host-based tools and operating system logging
- Deep expertise in log aggregation tools (e.g., Splunk, Elastic, Sentinel) for complex correlation analysis
- Exceptional logical thinking and analytical ability
- Superior verbal and written communication skills
- Proven ability to solve complex problems independently
Certifications: IAT Level II and CSSP Certification
Security Clearance Required: Secret
Education Level Required: Bachelor's Degree in a relevant discipline, or at least 8 years of experience in a CSSP, SOC, or similar.