This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Serves as the Lead Cybersecurity Operations (SECOPS) contractor, providing senior-level technical leadership and operational support to the Agency’s IT Security Program.
Job Responsibility:
Serves as the Lead Cybersecurity Operations (SECOPS) contractor, providing senior-level technical leadership and operational support to the Agency’s IT Security Program
Supports and coordinates SECOPS activities under government direction and maintains technical inputs to the Agency’s IT Security Program
Provides senior technical advisory support to the Chief Information Security Officer (CISO) on developments in cybersecurity, information security (INFOSEC), and IT security, including emerging threat vectors, advanced persistent threats (APTs), attack surface analysis, and identified weaknesses
Supports Agency-level technical implementation of approved cybersecurity policies, standards, and directives by developing technical documentation, implementation guidance, and draft procedures for government review and approval
Leads day-to-day contractor cybersecurity operations activities within the SECOPS function, supporting government-led oversight of systems and services that impact the Agency’s mission and critical infrastructure
Implements and administers cybersecurity incident handling (IH) and incident response (IR) capabilities, including SIEM dashboards, detection inputs, incident response playbooks, and operational metrics, to improve efficiency and effectiveness of security operations
Facilitates and coordinates SECOPS activities in support of the Agency’s Information Security (INFOSEC) Program, assisting Agency system security personnel and Information System Security Officers (ISSOs)
Serves as the senior technical advisor for threat, vulnerability, and configuration management activities, providing threat intelligence analysis, mitigation recommendations, and defensive strategy insights to Agency stakeholders
Requirements:
Demonstrated ability to guide technical discussions and provide expert advisory support to senior government officials, including the CISO, system owners, SOC staff, and executive leadership, while operating under government direction
Proven experience as a SOC Lead or Senior Team Lead, successfully coordinating with managed security service providers (MSSPs) and external cybersecurity partners (e.g., CISA, CYBERCOM) in support of incident response (IR), incident handling (IH), and vulnerability management (VM) activities), including mitigating actions to contain activity and facilitating forensics analysis when necessary
Documented experience conducting and guiding in-depth technical evaluations of INFOSEC, IT security, and cybersecurity tactics, techniques, and procedures (TTPs), including their impact on baseline system configurations
Demonstrated proficiency providing cybersecurity posture assessments, hygiene reporting, and technical input in support of Governance, Risk, and Compliance (GRC) activities and continuous monitoring programs
Experience providing incident response support to network subscribers, including recommending mitigating actions, supporting containment efforts, and facilitating forensic analysis under government oversight
Demonstrated expertise in log-based and endpoint-based threat detection, threat hunting, and analysis across multiple threat sources
Strong technical knowledge of web services security, Microsoft cloud environments (Azure, M365), and modern enterprise security architectures
Advanced experience evaluating the security of complex web portals, APIs, and databases (e.g., Java, Ruby, SQL, Oracle) using commercial and open-source security assessment tools such as SQLmap and mongoaudit
Continuous monitoring and remediation tools (e.g., Azure Security Center, Defender for Cloud, Qualys, Wireshark)
Endpoint Detection and Response (EDR) platforms (e.g., HBSS, SEP, Microsoft Defender)
Near-expert knowledge of SOC operations, incident handling (IH), incident response (IR), and adversary tactics, techniques, and procedures (TTPs)
Ability to facilitate adoption of cybersecurity best practices with development, database, and system administration teams through technical expertise and collaborative engagement
Requires a bachelor’s degree in Cybersecurity, Information Assurance, or Information Security and 7+ years of relevant work experience. Additional experience may be substituted for a degree
Must be engaging and proactive with critical thinking and problem-solving ability, both independently and as part of a team
Candidate must demonstrate the ability to present ideas and reports clearly in English, both orally and in writing
Must obtain agency suitability clearance prior to start date