Cybersecurity Operations Technical Lead (SOC Engineer/SME)

Koniag Services, Inc.
Washington, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Washington, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Data analysis
Azure
Cloud Computing Security
Computer Security
Computer Networks
Digital Forensics
DNS
Event Logging
Hypertext Transfer Protocols (HTTP)
Intrusion Detection and Prevention
Intrusion Detection Systems
Information Systems Security Architecture Professional
Python
Network Security
Log Analysis
Network Forensics
Performance Tuning
Powershell
ArcSight SIEM Tool
Zero Trust Network Access
Reverse Engineering
Runbook
Security Information and Event Management
Syslog
TCP/IP
Wireshark
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Cloud Platform System
Mitre Att&ck
Malware
Firewalls (Computer Science)
Information Technology
Cybercrime
Microsoft Sentinel
Splunk
Security Orchestration, Automation & Response
Vulnerability Analysis

Job description

The Cybersecurity Operations Technical Lead will serve as the senior technical expert within the SOC, providing leadership, mentorship, and hands-on technical support for all cybersecurity operations activities supporting the SBA.

Principal responsibilities will include but are not limited to:

  • Serve as the primary technical subject matter expert (SME) for SOC operations, providing guidance and oversight to cybersecurity analysts in the detection, analysis, and response to security incidents.
  • Lead and coordinate incident response activities, including triage, containment, eradication, recovery, and post-incident review in accordance with SBA policies and federal guidelines.
  • Oversee continuous monitoring of SBA networks, systems, and endpoints using SIEM platforms, IDS/IPS tools, and other security technologies to identify and respond to potential threats and anomalies.
  • Develop, tune, and maintain SIEM use cases, detection rules, correlation logic, and alerting thresholds to improve threat detection capabilities and reduce false positives.
  • Conduct advanced threat hunting activities to proactively identify indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) leveraged by threat actors targeting SBA systems.
  • Perform in-depth analysis of security events, logs, network traffic, and endpoint telemetry to identify malicious activity and provide actionable intelligence to SBA leadership and stakeholders.
  • Collaborate with SBA IT and security teams to develop, refine, and maintain Standard Operating Procedures (SOPs), playbooks, and runbooks for SOC operations and incident response activities.
  • Provide technical mentorship and training to junior and mid-level SOC analysts, fostering professional development and elevating the overall capability of the team.
  • Support vulnerability management activities, including the review and analysis of vulnerability scan results and coordination with system owners on remediation efforts.
  • Prepare and deliver detailed technical reports, briefings, and after-action reviews (AARs) to SBA leadership, documenting incident timelines, findings, and recommended corrective actions.
  • Ensure SOC operations align with federal cybersecurity frameworks, policies, and compliance requirements, including NIST, FISMA, and DHS/CISA guidance.
  • Coordinate with external stakeholders, including US-CERT, CISA, and other federal agencies, as necessary, during significant cybersecurity incidents or threat campaigns.
  • Support the continuous improvement of SOC processes, tools, and technologies to enhance operational efficiency and the overall cybersecurity posture of the SBA.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • 8+ years of progressive experience in cybersecurity operations, with at least 3 years in a technical lead, senior analyst, or SME role within a SOC environment.
  • Demonstrated experience supporting federal government cybersecurity programs and operations.
  • One or more of the following certifications:
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Security Operations Certified (GSOC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • Certified SOC Analyst (CSA)

Desired:

  • Master's degree in Cybersecurity, Information Assurance, or a related field.
  • 10+ years of cybersecurity operations experience within a federal government or defense contracting environment., * Exceptional communication skills in English - both written and oral - with the ability to convey complex technical information clearly to both technical and non-technical audiences, including senior government leadership.
  • Deep technical expertise in SOC operations, including security event monitoring, incident detection, triage, and response.
  • Extensive hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar) including use case development, rule tuning, and dashboard creation.
  • Strong knowledge of network security concepts, including TCP/IP, DNS, HTTP/S, firewalls, IDS/IPS, and network traffic analysis tools such as Wireshark or Zeek.
  • Proficiency in endpoint detection and response (EDR) tools and methodologies for investigating host-based threats and anomalies.
  • Experience with threat intelligence platforms and the ability to operationalize threat intelligence to improve detection and response capabilities.
  • Strong understanding of the MITRE ATT&CK framework and its application to threat detection, threat hunting, and incident response.
  • Demonstrated experience developing and maintaining incident response playbooks, SOPs, and runbooks.
  • Knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, FISMA, and CISA guidance.
  • Experience conducting log analysis across diverse data sources, including Windows Event Logs, Syslog, cloud platform logs, and application logs.
  • Ability to lead and mentor a team of cybersecurity analysts in a fast-paced operational environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Desired Skills and Competencies:

  • Prior experience supporting SBA or other federal civilian agency cybersecurity programs.
  • Experience with cloud security monitoring and operations in AWS, Azure, or GCP environments.
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and scripting languages (e.g., Python, PowerShell) for automation of SOC workflows.
  • Knowledge of Zero Trust Architecture principles and implementation within a federal environment.
  • Experience with digital forensics and malware analysis techniques.
  • Familiarity with CDM (Continuous Diagnostics and Mitigation) program tools and requirements.
  • GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM) certification.
  • Experience supporting FedRAMP authorized cloud environments.

Benefits & conditions

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

About the company

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Cybersecurity Operations Technical Lead (SOC Engineer/SME) to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust., Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Cybersecurity Operations Technical Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with deep technical expertise in Security Operations Center (SOC) operations, threat detection, and incident response. This individual will serve as a subject matter expert (SME), providing technical leadership and guidance to a team of cybersecurity analysts while working closely with SBA stakeholders to protect critical government systems and data., Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com. Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352

Apply for this position