• Subject Matter Expert III - Security Operations Center

    Job Location:
    # of Openings:
    Security Clearance: Active Top Secret
    Percentage of Travel Required:
    Regular Full-Time
  • Overview

    The team provides Computer Network Defense (CND) and response support through 24x7x365 monitoring and analysis of potential threat activity targeting the enterprise. It analyzes cyber threats, monitors enterprise systems, collects information on and identifies security incidents, and supports the remediation of all security incidents.


    This position requires shift work (day/night/weekend, 24/7) in support of the security operations monitoring, detection, and network defense task.


    Lead a team that conducts security event monitoring, advanced analytics and response activities in support of the CND operational mission. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response.


    • Oversee the daily operations of the SOC and plan shift activities
    • Act as incident leader for most business disruptions and crisis incidents, and support Agency leadership during the activation of escalated incidents
    • Develop and deliver process improvements for the SOC to maintain operational readiness for incident response
    • Monitor and report on call volumes, alarm responses and incident reports to ensure appropriate levels of service are met
    • Partner with IT leadership and teams to support operational issues and prepare for potential incidents
    • Support annual updates of the incident response concept of operations document
    • Support annual incident response tabletop exercises
    • Lead and coach SOC I and SOC II staff members
    • Work as part of a 24x7x365 team delivering real-time proactive monitoring and maintenance of supported security tools and their associated rules and signatures
    • Carry out triage on security events, coordinate incidents with IT operations, network engineering, and application teams, and support the incident management process
    • Identify and respond to incidents to prevent or limit damage to assets, and report incidents
    • Detect and analyze incidents, and coordinate activities with other stakeholders for containing, eradicating, and recovering from incidents
    • Develop advanced analytics and countermeasures to protect critical assets
    • Perform IDS monitoring and analysis, network traffic and log analysis, prioritization of and differentiation between potential intrusion attempts, determination of false alarms, insider threat and APT detection, and malware analysis/forensics
    • Support the production and maintenance of standard operational processes, procedures and playbooks for use by all shift personnel
    • Provide enterprise-wide management of security incidents across the managed network space to detect, respond to, and report all computer-related incidents, including daily monitoring of information systems, vulnerability remediation, intrusion detection, log reviews, and malware tracking
    • Assess, identify, and remediate the individuals and/or systems affected
    • Coordinate all information security incidents in compliance with the specified timelines
    • Coordinate the development of reports from the SIEM, NIDS, and HIDS
    • Remain up to date with current attack methods and characteristics in order to identify threats and advise on prevention, mitigation and remediation


    • Education:
      • Bachelor’s degree preferred
    • Required Knowledge/Experience:
      • Security+ certification at a minimum
      • A combined 10 years of information security education and experience
      • Experience writing threat reports and other management level communications
      • Leadership experience of teams of 10 or more
      • Shift management experience
    • Preferred Knowledge/Experience:
      • ServiceNow ticketing and reporting experience
      • Linux, Windows, and Active Directory experience
      • Splunk SPL experience
      • Experience with FireEye and Palo Alto network security solutions
      • ITILv3 experience
      • Cloud and mobile device experience
      • ForeScout CounterAct, DLP solutions, McAfee EPO, SailPoint experience
      • Enterprise wireless security, identity and key management solutions
      • Experience with classified information controls

    Other Responsibilities

    • Perform other tasks consistent with the goals and objectives of the department/contract
    • Perform other duties as assigned by Sr Program Executive

    Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


    EEO/AA Employer Minorities/Females/Vets/Disability


    Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.