Cloud Security SME

Job Title: Cloud Security Subject Matter Expert (SME)

Location: Beltsville, MD and Rosslyn, VA

Terms: Full-time

Requirements: Must be a U.S. Citizen with Active Security Clearance

About the Role

Currently seeking to hire an experienced CIRT Cloud Security Subject Matter Expert (SME) to join the Diplomatic Security Cyber Mission Program, delivering leading cyber and technology security expertise to enable innovative, effective, and secure business processes This role directly supports the Cyber Incident Response Team (CIRT) as a key member of the Advanced Response and Tactics Team (ARTT).

• The customer requirement requires every employee to be onsite for the first 90 days. After the 90 day period, a hybrid schedule may be offered.
• Need to be able to support a hybrid and flexible work schedule; in the event of significant cyber incident a continuous on-site presence will be required.

Responsibilities

• Provide Subject Matter Expert (SME) level Cloud Security support in a 24x7x365 environment.
• Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
• Protect against potential cyber security incidents by pro-actively identifying steps to remediate threats and vulnerabilities.
• Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations, operational events, and related cyber projects.
• Develop and implement training programs for CIRT Tier 1 and Tier 2 analysts.
• Conduct detailed research to increase awareness and readiness levels of the security operations center.
• Conduct advanced analysis and recommend remediation steps.
• Analyze network events to determine impact.
• Conduct all-source research to determine threat capability and intent.
• Develop and maintain analytical procedures to meet changing requirements.
• Coordinate with cross-functional teams during significant cyber incidents.
• Identify emergent cybersecurity technologies and develop methodologies for their employment.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Identify and determine tactics, techniques, and procedures for intrusion sets.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configurations) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support incident response.
• Publish after-action reports, cyber defense techniques, guidance, and incident reports.
• Review, draft, edit, update and publish cyber incident response plans.

Qualifications: Basic Requirements

• Bachelor's degree and minimum of 14 years of relevant experience; 12 years with Masters.
• To be considered for this position, applicants must either currently hold one of the professional certifications listed below or obtain one prior to their start date. Continued certification is required as a condition of employment.
• CASP+ CE, CCNP Security, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, GCED, GCIH
• Demonstrated expertise in the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
• Demonstrated experience with cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Identity as a Service (IDaaS)
• Demonstrated expertise in traditional computing technologies architecture, design and security.
• Demonstrated proficiency in using Endpoint Detection and Response (EDR) platforms (e.g. Microsoft Defender for Endpoint, Elastic Defend, CarbonBlack)
• Demonstrated proficiency in using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Elastic, ArcSight)
• Demonstrated proficiency in using Security Orchestration and Automation (SOAR) platforms (e.g. ServiceNow, Sentinel, Splunk SOAR, IBM QRadar)
• Ability to analyze cyber threat intelligence reporting and understand adversary methodologies and techniques.
• Knowledge of malware analysis techniques.
• Knowledge of the MITRE ATT&CK and D3FEND frameworks and their relevancy to cyber incident response.
• Ability to identify and recommend remediation steps for cyber incidents.
• Demonstrated proficiency with common digital forensic tools (e.g. Autopsy, Axiom Forensics, KAPE, CyLR, Volatility)
• Strong organizational skills.
• Proven ability to operate in a time sensitive environment.
• Proven ability to communicate orally and written.
• Proven ability to brief technical and operational information to senior leadership.
• Ability to scope and perform impact analysis on incidents.
• U.S. citizenship required.
• Active Secret security clearance.
• Ability to obtain final Top Secret clearance.

Preferred Qualifications:

• One or more of the following certifications:
• CCSP, SC-200, 300, and 900, GCLD, GCTD, GCAD
• Demonstrated proficiency with Microsoft Azure cloud architecture
• Demonstrated proficiency with the Microsoft Defender suite and Kusto Query Language (KQL) analytics
• Demonstrated proficiency with using Splunk Enterprise Security and writing Splunk Processing Language (SPL) analytics
• Demonstrated experience with Python, PowerShell, and Bash languages
• Demonstrated knowledge of network architecture, design and security.
• Ability to analyze static and dynamic malware analysis reports.
• Ability to analyze and identify anomalous code as malicious or benign.
• Ability to write signatures for host and network intrusion detection systems.
• Ability to identify and recommend relevant telemetry requirements in support of cyber incident response actions
• Knowledge of system administration, network, and operating system hardening techniques.
• Proficiency in performing network packet-level analysis
• Demonstrated knowledge on the intersection of on-prem and cloud-based technologies.
• Demonstrated knowledge of system design and process methodologies.
• Experience in developing and delivering comprehensive training programs.
• Experience collaborating with cross functional teams.
• Experience working in the intra agency environment.
• Ability to communicate technical concepts to executive level leadership.

About us

Cyber Management International Corporation is actively recruiting highly IT Security professionals looking for challenging, exciting work in support of the U.S. Department of State (DOS). Specifically, our customer is the Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS). DS/CTS is a center of excellence that brings together cybersecurity, technology security, and investigative expertise as a unified security capability focused on solving critical and emerging issues enabling the State Department to fulfill its vital global mission.

For more information about our company, please visit or email us at

Job Type: Full-time

Pay: From $170,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Vision insurance

Security clearance:

• Secret (Required)

Work Location: Hybrid remote in Arlington, VA 22209