Network Operations Center (NOC) Lead

Department of Energy | Washington, DC | Full-Time | On-Site

Position Details

Client

Department of Energy (DoE)

Location

1000 Independence Ave. SW, Washington, DC 20585

Employment Type

Full-Time, On-Site (No Remote)

Contract Period

April 2028 + 5 Years

Clearance Required

Top Secret (Investigation Current Within Last 5 Years)

Start Dates

New hire start dates are the 1st and 16th of each month

Position Overview

The NOC Lead plays a pivotal role in managing the Security Operations Center, guiding the SOC team, and ensuring effective detection and response to cybersecurity incidents. This position demands a combination of leadership, technical expertise, and the ability to communicate complex cybersecurity issues to diverse stakeholders. The NOC Lead leverages deep technical knowledge to identify risks, improve methodologies, and protect the organization's intellectual property and sensitive assets from evolving threats.

Roles & Responsibilities

Leadership and Team Management

  • Lead, manage, and mentor the SOC team, ensuring day-to-day operations run smoothly and efficiently
  • Provide guidance, feedback, and training to SOC analysts to improve their performance and skillset
  • Ensure 24/7 operational readiness of the SOC, including shift coverage and resource management

Incident Response and Management

  • Lead the SOC team in identification, analysis, and response to cybersecurity incidents — including intrusions, malware, and data breaches
  • Reconstruct timelines of events based on network defense data to analyze network intrusions and attacks
  • Serve as the escalation point for complex or high-priority incidents, ensuring proper handling and resolution
  • Support enterprise-wide incident response, collaborating with IT and cybersecurity teams to manage and mitigate threats
  • Continuously strengthen incident response methodologies to improve response times and effectiveness

Threat Detection and Mitigation

  • Develop and support threat detection capabilities to proactively identify emerging risks and vulnerabilities
  • Analyze large volumes of network traffic, system logs, and threat intelligence data to uncover potential threats
  • Use network operations expertise to predict potential attack vectors and devise proactive defense strategies
  • Provide recommendations on improving threat data collection and ensuring high-quality data availability for analysis

Cybersecurity Risk Analysis

  • Analyze cybersecurity risks and communicate findings to key decision-makers in a clear and actionable manner
  • Translate complex technical risks into actionable insights for non-technical stakeholders, including senior leadership
  • Identify opportunities for continuous improvement in the organization's cybersecurity practices

Intellectual Property Protection

  • Safeguard the organization's intellectual property by identifying threats and vulnerabilities to sensitive data
  • Develop and implement strategies to mitigate risks to intellectual property and other sensitive government assets

Security Tool Management and Optimization

  • Oversee configuration, optimization, and management of security tools including SIEM, IDS/IPS, endpoint protection, and monitoring solutions
  • Ensure security tools are appropriately tuned to detect relevant threats with effective coverage across all systems

Reporting and Documentation

  • Maintain accurate and detailed documentation of security incidents, including analysis, findings, and mitigation steps
  • Prepare incident reports, post-mortem analyses, and regular updates to senior management on SOC performance and emerging threats
  • Ensure compliance with industry standards and regulatory requirements in all incident documentation and reporting

Collaboration and Communication

  • Collaborate with internal teams — IT, network security, and engineering — to ensure cohesive threat response strategies
  • Serve as the subject matter expert for security incidents, threat analysis, and response processes within the SOC
  • Keep organizational leadership and relevant stakeholders informed of critical cybersecurity events and decisions

Continuous Improvement

  • Foster a culture of continuous improvement by assessing performance metrics, conducting after-action reviews, and implementing process improvements
  • Stay current with the latest cybersecurity threats, trends, and best practices to ensure SOC operations remain aligned with industry standards

Required Qualifications

  • Experience: 10+ years of experience in cybersecurity, with at least 4 years in a leadership role within a SOC or security operations environment
  • Clearance: Active Top Secret clearance with investigation completed within the last 5 years
  • Certifications: CISSP, CISM, GCIH, GCIA, or equivalent cybersecurity certifications strongly preferred
  • Technical Expertise: Proven expertise in network defense, incident response, threat detection, vulnerability management, and security operations
  • Incident Response: Strong experience leading incident response efforts, including network intrusions, malware infections, and data breaches
  • Data Analysis: Experience analyzing large volumes of data — network traffic, logs, threat intelligence — to identify and respond to cybersecurity risks
  • Leadership: Proven ability to lead and mentor a team, manage operations, and communicate security issues to both technical and non-technical stakeholders
  • Communication: Exceptional written and verbal communication skills with ability to present technical findings to senior leadership
  • Education: Years of relevant experience carry more weight than formal degrees in candidate evaluation

Additional Qualifications

  • Strong understanding of network operations and how attackers exploit networks
  • Ability to predict potential attack vectors based on current threat intelligence and historical data
  • Experience with intellectual property protection strategies and threat data collection methodologies
  • Strong analytical skills with ability to translate complex data into actionable insights for decision-makers

Technical Environment

Microsoft | Linux | Splunk | Ansible | Tenable | GEMS

How Success Is Measured

  • Incident Response Metrics: Quick detection, containment, and resolution of incidents with minimal organizational impact
  • Threat Detection & Prevention: Reduction in false positives, proactive threat detection, and measurable improvement in detection tool effectiveness
  • Team Leadership: Strong team performance, low analyst turnover, and demonstrated success in mentoring and developing analysts
  • Collaboration & Communication: Efficient cross-department collaboration, clear and timely reporting, and strong stakeholder confidence in SOC operations
  • Continuous Improvement: Ongoing process optimization, successful post-incident reviews, and measurable improvements in overall security posture
  • Compliance & Audit: Full adherence to regulatory requirements with positive audit and compliance outcomes
  • Tool & Technology Utilization: Effective utilization of security tools and technologies, ensuring high return on investment and appropriate coverage

Important Notice to Applicants

Applicants should be aware that reviews and tests for the absence of any illegal drug as defined in 10 CFR 707.4 will be conducted by the employer, and a background investigation by the Federal government may be required to obtain an access authorization prior to employment. Subsequent reinvestigations may be required. If this position is covered by the Counterintelligence Evaluation Program regulations at 10 CFR Part 709, applicants should also be aware that successful completion of a counterintelligence evaluation may include a counterintelligence-scope polygraph examination.

How to Apply

Qualified candidates should submit a resume and any relevant certifications to:

Intrinsic Resolution, LLC | Recruiting Team

Intrinsic Resolution, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

Pay: $85.00 - $91.35 per hour

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Experience:

  • Cybersecurity: 10 years (Required)
  • Leadership within a SOC: 4 years (Required)
  • Network Defense: 2 years (Required)
  • Incident response: 2 years (Required)
  • Threat detection & response: 2 years (Required)
  • Vulnerability management: 2 years (Required)
  • Data analysis skills: 3 years (Required)

License/Certification:

  • One of these: CISSP, CISM, GCIH, GCIA or equivalent (Required)

Location:

  • Washington, DC 20585 (Preferred)

Security clearance:

  • Top Secret (Required)

Work Location: In person