Crux For Technical Talent

Build Your Career in Cybersecurity -
YOUR WAY

01.
Contract/ fractional
Want flexibility and variety? Indicate your target areas of work and your availability, and we will match you with opportunities
You name your own bill rate. You control what you make.
02.
Contract to hire
Sometimes it makes sense both ways to 'try before you buy.' We will match you up with opportunities that allow you to get to know a company and the people before committing to a full time role
03.
Full time
Get matched with full time job opportunities via our job board and proprietary roles that we are recruiting for

How it works

01.
Join Crux
02.
Help us get to know you
03.
Access jobs custom tailored to you
04.
Receive ongoing career resources and guidance
05.
Find work you love

Recent Jobs

Managing Director Americas Head of Information Security
BNP Paribas
State: New Jersey
Remote Elig.: On-site
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 290.00 - 350

Chief Information Security Officer
Trupanion
State: Washington
Remote Elig.: Hybrid
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 200.00 - 250

Deputy CISO
New Relic
State: Oregon
Remote Elig.: Hybrid
Seniority: Executive
Domain: Cross-domain/ leadership
Salary ($K): 202.00 - 252

State: Ohio
Remote Elig.: Hybrid
Seniority: Senior
Domain: Security Operations
Salary ($K): Not disclosed
Protect and Defend

Summary Information about the Role

The Cybersecurity Security Operations Center (CSOC) Manager’s core function is to provide leadership and oversee the administration of the CSOC, including security engineers and security analysts. The CSOC is responsible for monitoring and alerting on cybersecurity events, ensuring the maintenance of the current and future technologies, and continually analyzing threat data to find ways to improve the organization's security posture. This position requires both the ability to tactically focus on immediate threats at hand as identified in alerts and intelligence as well as strategically remain focused on initiatives tasked by senior leadership. Candidates must be highly analytical, technically competent, and have an ability to provide focus and calm during incident response scenarios. The ability to lead groups or move forward initiatives is essential. In addition, the ability to plan for future team needs requires staying informed of current events in technology platforms and the Cybersecurity industry.

Company Overview

NA

  • Manage team employees reporting directly to you. Responsibilities include preparing midyear and annual staff evaluations and addressing both opportunities for growth (such as promotions) or improvement (such as employee performance improvement plans) as performances warrant.
  • Manage the on-call rotation and time off for the SOC
  • Providing regular training sessions and mentorship opportunities to facilitate knowledge-sharing within the team.
  • Hiring new staff members or contracting outside services to supplement your team's capabilities when needed.
  • Responsible for vendor management - existing and future contractual relationships with technology and service providers. This includes working to address support issues, contract renewals / discrepancies, bi-weekly meetings, Quarterly Business Reviews, etc.
  • Track tool performance / utilization to measure return on investment and support future evaluation / rationalization needs.
  • Responsible for identifying tool / service evaluation opportunities. Working closely with the Security Threat Architect.
  • Responsible for day-to-day CSOC budget management
  • Lead your team and communicate with management during incident response (IR) to ensure timely notification and containment occur. Responsibilities include ensuring communication, documenting IR progress, and following through with post-mortem reviews.
  • Ensure CSOC meets regulatory compliance of both internal and external auditors by adherence to policies and procedures. Ensure version control of SOC alerts as well as least privilege access to logs and investigation data.
  • Ensure synchronization and collaboration between the CSOC and Cyber Threat Intelligence team.
  • Work with other departments to identify the root causes of security incidents and develop strategies to mitigate these risks.

Strategy & Planning

  • Work with employees on Individual Development plans. Interface with management and Human Resources to ensure plans meet business needs and provide measurable advancement steps to employee promotion and realization of career goals.
  • Responsible for building and briefing at the monthly Governance Board meetings for existing or future spend as appropriate.
  • Responsible for planning and prioritizing annual spend for CSOC in support of Operational Plan Development and advising upper management on budget forecasting.
  • Improve incident response times, reduce false positives and other extraneous alerts, and enhance threat detection capabilities.
  • Work with CSOC and architecture in determining technology and resource requirements.
  • Participate in engagement with other service families and departments in addressing CSOC logging and monitoring needs. Engage with same groups in developing Enterprise logging and monitoring strategies and solutions.
  • Stay abreast of business and technological developments to properly prepare CSOC future posture.

Acquisition & Deployment

  • Work with upper management to understand budget availability to shape CSOC efforts.
  • Supervise team and/or perform compliance assessments to include Proof of Value (PoV) or Proof of Concept (PoC) for new program security tools.
  • Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant information assurance policies.

Incidental Functions

  • Assist with other projects as required to contribute to efficiency and effectiveness of the organization.
  • Travel may be required but should not exceed 10% of work time.
  • Work outside the standard office 7.5-hour workday may be required with on-call availability.

Required Qualifications

  • Bachelor’s Degree (or foreign equivalent) or, in lieu of a degree, at least 12 years of experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
  • 10+ years IT experience.
  • 8+ years IT security experience
  • 4+ years of leading and managing a team of direct reports
  • Minimum 1 year experience with cyber-security investigations and incident response.
  • Minimum 1+ years of experience in process analysis and improvement.
  • Background in metrics/reporting.
  • Experience identifying and implementing solutions to complex business problems.
  • Understanding of various operating systems (z/OS, Windows, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening.
  • Ability to analyze reports by reviewing incident or threat frequency, severity, and duration data.

Preferred Qualifications

  • Experience in a Security Operations Center (SOC) or working with a Managed Security Service Provider (MSSP)
  • Supervisory and/or Management experience preferred.
  • Budget management
  • Vendor Management
  • Understand Log Management process and program
  • Certifications: Lean, CISSP, SANS GIAC, or CISM
  • Project Management concepts: use of JIRA, Planner, etc.
  • Delivery of Metrics demonstrating proof of value and key performance indicators
  • Understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP and/or other standards.
  • Familiar with both IT and OT detect and respond functions
  • Familiar with email security tools such as Proofpoint, Abnormal Security, O365, etc.
  • Understanding of Threat Analysis and Threat Intelligence.
  • Experience with Security Information and Event Management (SIEM) products such as Sumo Logic, Splunk, etc.
  • Experience with Vulnerability Management products such as Qualys and Wiz.
  • Utilize key performance indicators to track analyst workloads as well as the efficiency of detection signatures/rules and associated monitoring technologies.
  • Benchmark and implement industry best practices to mitigate potential threats.
  • Support the preparation of appropriate reports and communicate status and results.
  • Familiarity with SOC-CMM

Personal Attributes

  • Strong analytical, evaluative, and problem-solving abilities.
  • Strong leadership skills
  • Ability to motivate in a team-oriented, collaborative environment.
  • Ability to set and manage priorities.
  • Strong written and oral communication skills.
  • Strong interpersonal skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Self-motivated and directed.
  • Keen attention to detail.
  • Commitment to fostering a culture of inclusion and diversity
  • Hybrid on-site and remote work.
  • Minimal travel is required.
  • Work outside the standard office 7.5-hour workday may occasionally be required for on-call coverage or overseeing after-hours team investigations.
  • This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
  • This position has a hybrid work schedule with three days in the office and the option for working remotely two days.
  • Job duties include contact with other employees and access to confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.

State: New York
Remote Elig.: On-site
Seniority: Experienced
Domain: Network Security
Salary ($K): Not disclosed
Protect and Defend

Summary

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

  • Ensure routine system reviews are conducted on assigned systems.
  • Keep abreast of industry security trends and developments, as well as applicable government regulations.
  • Conduct security audits and vulnerability and threat assessments, and direct responses to network or system intrusions
  • Ensuring fulfillment of legal and contractual information security and privacy mandates, including providing executive management with compliance reports and audit findings
  • Preventing and detecting intrusion

Skills:

  • The information systems security analyst must be knowledgeable of information technology security principles, as well as common office technology tools.
  • Multitasking and excellent customer service, communication and organizational skills.
  • Will need to have problem-solving skills, support project work, and consolidate team feedback into technical writing.
  • Looking for someone with 3-5 years of experience; the manager is also open to college grads who are eager to jump in and provide support.

Education:

  • Bachelor’s degree in information systems or an equivalent combination of education and experience, along with two or more years of systems and network security experience.
  • Industry certifications, such as the Certified Information Systems Security Professional (CISSP) or the CompTIA Security+, are also sought.

Certifications & Licenses:

  • CISSP - Certified Information Systems Security Professional
  • Security+

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

  • What information we collect during our application and recruitment process and why we collect it;
  • How we handle that information; and
  • How to access and update that information.

State: Virginia
Remote Elig.: On-site
Seniority: Experienced
Domain: Governance, Risk & compliance
Salary ($K): 110 - 166
Securely Provision

Description

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

Northrop Grumman, Defense Systems, is seeking a self-motivated, energetic individual to work at a government customer site in Stafford, Virginia as a Cybersecurity Analyst.

  • Well versed in Risk Management Framework (RMF) processes, advanced cyber security tools and methods, and implementing security controls and solutions.
  • Job responsibilities include installing, maintaining, and utilizing cyber security tools such as Security Center, and Nessus Manager.
  • Individual will write test plans, audit security controls, conduct self-check reviews, and provide technical direction and assistance with corrective or mitigation solution implementation.
  • Perform continuous monitoring tasks in compliance with minimum required intervals, review and analyze logs, audits, alerts, investigate anomalies and suspicious activity reports, and document and report findings in a timely manner.
  • Perform compliance scanning and generate reports (STIG, SCAP and Vulnerability), validate findings generated by internal and external customers prior to integration, and support and guide the accreditation process for multiple networks.
  • Individual will serve as SME (Subject Matter Expert) and guide others through the RMF process. Prior experience in system lifecycle and accreditation using RMF, ICD 503, Xacta and/or eMASS is necessary.
  • Prior System Administration experience on Windows, Linux and Cisco is desired
  • Knowledge of HBSS, and ePO is a plus.
  • Ancillary duties may include setting up administrator and service accounts, maintaining system documentation, tuning system performance, installing system wide software and allocating mass storage space.
  • Support 24/7 weekend rotation (~every 14 weeks)

Basic Qualifications:

  • Bachelor's degree with 5 years of experience OR Master's degree with 3 years of experience OR PhD with 0 years of experience
  • Security+ or equivalent certification required
  • Information Assurance Technical Workforce (IAT) level II or higher
  • Position requires a current Top Secret security clearance with SCI and must be able to successfully complete a CI polygraph
  • Will work closely with other contractors and government customers
  • Ability to travel (less than 10% of time)
  • Candidate requires strong system Windows & Server Administrator skills to support the smooth operation of multi-user computer systems.

RELOCATION ASSISTANCE: No relocation assistance available

CLEARANCE TYPE: Top Secret

TRAVEL: Yes, 10% of the Time

Salary Range: $110,300.00 - $165,500.00

The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit http://www.northropgrumman.com/EEO. U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.
