Delivering DCO outcomes across the OpNET platform, the DPS SOC Security Supervisor (Incident & Vulnerability) is critical to the deployed environment, ensuring operational security processes are enacted at every level. The role is responsible for the integration of logs into the SIEM, for incident response and forensic processes, and for adherence to policy, process and procedure. It also ensures threat management and threat modelling are carried out, and that use cases for security monitoring are developed from them.
* Integration of standard and non-standard logs in SIEM.
* Management and coordination of incident response and forensic processes.
* Ensuring adherence to policy, process and procedure, and driving process improvement to achieve operational objectives.
* Revising and developing processes to strengthen PROTECT, DETECT, and RESPOND delivery.
* Overseeing the use of resources and initiating corrective action where required.
* Ensuring daily management, administration and maintenance of security devices to achieve operational effectiveness.
* Ensuring threat management and threat modelling are carried out, identifying threat vectors, and developing use cases for security monitoring.
* Driving tools development and integration, including Defence Cyber Capability (DCC) and Cyber Enabling Architecture (CEA).
* Creating reports, dashboards and metrics for SOC operations and presenting them to the OpNET CISO and the Security Working Group (SWG).
* Coordinating with stakeholders, building and maintaining positive working relationships, and ensuring outputs are aligned.
* Support analysts with performance feedback, training, and career direction.
* Assist with screening and hiring security analysts and security engineers.
* Support routine governance and compliance audits, and accreditation activities.
Essential skills and qualifications:
* Current DV clearance.
* Strong supervisory and management skills, and ability to guide others during incident, vulnerability and crisis management events.
* Tuning correlation rules, events and outcomes in SIEM and SOAR platforms (specifically Elastic).
* Ability to articulate and escalate proposed changes to tooling configuration.
* Strong background in the analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
* Familiarity with Linux and Windows capabilities, and with network- and host-based forensic processes.
* Familiarity with the investigation of malware and host-compromise incidents.
* Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
* Technical understanding of current cybersecurity threats and trends.
* Working knowledge of the NIST frameworks, including NIST 800-12, 800-53 & 800-37a and JSPs 440 and 604.
* ISO 27001:2013 security and risk controls.
* MITRE ATT&CK adversarial framework.
* ITILv3/v4 Foundation.
Desirable qualifications:
* CompTIA A+.
* CompTIA Security+.
* CompTIA CySA+.
* CompTIA PenTest+.
* SANS MGT551: Building and Leading Security Operations Centres.
* CISSP/CISM.
* SANS Critical Security Controls/SANS Advanced Security Essentials.
* ITIL v3/v4 Intermediate.
* SANS 504 (Incident Handling).
* SANS 511 (Continuous Monitoring).