Are you interested in defining the future of cyber security processes and operations at a Cabinet-level Department?
Have experience managing Security Operations Centers (SOC) processes and operations, or experience consolidating SOCs and Network Operations Centers?
Love solving challenging organizational, technical, and cyber problems with clients?
Do you have an active Secret clearance?
Then we’ve got the role for you!
Come be a part of the team supporting a Cabinet-level Department’s cyber strategy and operations within the Office of the Chief Information Officer (OCIO). We are an established consulting firm with a newly awarded $100M prime contract – so there is plenty of (stable!) growth opportunity for you.
We’re a highly functional team of independent-minded, entrepreneurial consultants who have built our reputation as a trusted information technology (IT) partner. We’re looking for people who have a growth mindset and who are ready to bring new ideas and thinking to our clients’ objectives. Still you? Read on…
Join a boutique consulting firm supporting a large-scale Cabinet-level Department contract where you will be a key resource helping to define the future strategic approach of the Department’s Security Operations Center (SOC). Your role is critical in understanding the business requirements, underlying problems the SOC is trying to solve, and the 3 – 5-year strategic roadmap. You will leverage your cyber security skills to support SOC operations and make recommendations for improvements. You will help evolve cyber operations and threat monitoring, detection, and response, and evaluate opportunities for consolidation of SOC processes and operations.
You will apply a broad understanding of monitoring, analyzing, detecting, and responding to cyber events and incidents within information systems and networks. You will coordinate work with client leadership to identify the right mix of tools and techniques to translate customer’s IT needs and future goals into a plan that will enable secure and effective solutions. You will investigate new techniques, break free from the legacy model, and go where the industry is going. You will lead the team through a critical approach to network design, providing alternatives and customizing solutions, to maintain a balance of security and mission needs. Your technical expertise will be vital as you help customers overcome their most difficult challenges by integrating secure practices like preparing briefings and situation reports, applying new detection and mitigating strategies, coordinating eradication, conducting lessons learned in meetings, and authoring incident reports for the clients and designated entities.
This position will require on-site work in Washington, D.C. and Vienna, VA, with telework options available.
Primary responsibilities include but are not limited to:
- Review processes for monitoring, analyzing, detecting, and responding to cyber events and incidents within information systems and networks
- Leverage cyber security solutions for intrusion detection and prevention, situational awareness of network intrusions, security events, data spillage, and incident response actions
- Support network threat analysis, correlation, and response capabilities
- Work with the SOC team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact, focusing on root cause analysis for process improvements
- Analyze incidents to figure out how many systems are affected and assist recovery efforts
- Combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers’ goals
- Analyze the current architecture to identify weaknesses and opportunities for improvement
- Perform evaluations of cyber security tools and applications to identify opportunities for improvement
- Keep abreast of emerging cyber technologies and evaluate vendor offerings to determine best fit for SOC needs
- Develop reports as necessary to brief various stakeholders (e.g., customers, OCIO executives)
- Liaise with clients to keep them informed of progress and to make relevant decisions
- Experience working in a Computer Incident Response Team (CIRT), Computer Security Incident Response Center (CSIRC), or SOC
- Experience consolidating or improving SOC operations and processes
- Knowledge of computer networking, operating systems, and multiple security technologies, including IDS, firewalls, and Splunk
- Experience with configuration of the SOC tools in the environment, including McAfee, Splunk, Encase, and Nessus
- Experience with managing and responding to major incidents, including preparing briefings and situation reports, applying new detection and mitigating strategies, coordinating eradication, conducting lessons learned in meetings, and authoring incident reports for the clients and designated entities
- Experience with writing and preparing all contract deliverable documentation, including standard operating procedures, incident management and operations plans
- Experience with network protection and monitoring tools
- Ability to detect, correlate, and escalate cyber security events and provide in-depth analysis and use case management for Security Information and Event Management (SIEM)
- Ability to build collaborative working relationships with various internal and external stakeholders
- Strong analytical ability and data-driven mindset
- Ability to baseline processes and develop new ones to improve SOC operations
- Ability to rapidly acquire new knowledge and skills in cyber security
- Ability to work in complex situations with varying degrees of ambiguity and change
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Secret security clearance with ability to obtain a higher-level clearance
- Experience with developing and implementing new processes and procedures to standardize work in the SOC for analysts, including addressing customer needs and requirements
- Experience with developing and implementing new security and analysis capabilities increasing the overall success of security operations and incident response activities
- Experience with monitoring and analyzing network alerts using web traffic, firewall logs, Windows logs, intrusion detection and prevention alert and full packet capture capabilities and determining if a compromise was successful
- Experience with creating new signatures, content for the intrusion detection system, and protecting the Department from new threats to their environment
- Experience with creating use cases and providing clear and concise information for team members and federal staff
- Experience with performing malware analysis in a sandbox environment on new samples of malware that are discovered within the customer’s environment to find indicators, and persistence mechanisms to develop content for detecting and blocking future compromise attempts
- Experience with performing host-based forensics to detect malicious artifacts, and determining system compromise and threat vectors for incidents
- Deep understanding of network, data, identity, and cyber services, and how they integrate
- Knowledge of cyber products and services offered by hyper-scale cloud service providers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
- Direct or indirect Federal Government experience
- Bachelor’s Degree in business, engineering, mathematics, management information systems, or field of study related to IT or cyber security
- CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified Incident Handler (ECIH) Certification
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, marital status, personal appearance, sexual orientation, gender identity or expression, family responsibilities, matriculation, political affiliation, genetic information, disability, or past or present military service.
We offer an attractive compensation and benefits package, opportunities for professional growth, and a positive work environment. Candidate must be a U.S. citizen and possess or be able to successfully obtain a Federal security clearance. Hill Associates is an Equal Opportunity Employer and strongly supports diversity in the workplace. Please note that due to the expected volume of responses, only candidates being considered for an initial interview will be contacted.
Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities as an applicant, please visit
Application can be made electronically via our website (https://www.hillasc.com/careers/) or by submitting a paper resume to Hill Associates Attention: HR 1 Research Ct Suite 450 Rockville MD 20850