ClearanceJobs

SOC Technical Lead

ClearanceJobs, Smyrna, Georgia, us, 30081


Senior Cybersecurity Technical Lead

Serve as the technical lead within a 24x7x365 Security Operations Center (SOC), supporting the leadership of a team of cybersecurity professionals during the primary shift of 8:00 AM to 5:00 PM on-site. This role is responsible for guiding the technical direction of SOC operations, including hands-on involvement in incident detection, analysis, containment, and remediation. The Technical Lead ensures that security technologies such as SIEM, SOAR, IDS/IPS, EDR, and threat intelligence platforms are effectively configured, maintained, and optimized to support real-time monitoring and response. Additional responsibilities include mentoring junior analysts, conducting technical training, developing playbooks and detection rules, and leading the technical response to complex or high-severity security incidents. The role also supports coordination of daily operations, ensuring team cohesion, readiness, and continuous improvement of SOC capabilities.

Responsibilities:
- Provide technical knowledge and analysis of security incident responses.
- Perform forensic analysis of devices involved in incidents.
- Investigate potential intrusions and security events to contain and mitigate incidents.
- Research cyber-attacks, malware, and threat actors to determine potential impact and develop remediation guidance.
- Analyze network traffic and identify attack activity.
- Document incident response activities and lessons learned.
- Effectively communicate incident response activities.
- Provide monitoring and response capabilities.
- Regularly update and optimize queries and alerting rules.
- Maintain the confidentiality and integrity of the data within the SIEM.
- Provide timely and accurate reports to management.
- Collaborate with vendors to ensure best practices are enforced and recommendations are delivered.
- Validate suspicious events by performing investigations using the SIEM, the tools available to the SOC, threat intelligence and OSINT, and known TTPs and IOCs.
- Leverage knowledge of alert triage, SOC operations, and Defense in Depth (DiD) to contribute to the overall success of projects.
- Produce high-quality written and verbal communications, recommendations, and findings for management in a timely manner.
- Attend focus groups, trainings, industry conferences, and skills enhancement opportunities.
- Escalate events in a timely manner to the appropriate teams and external parties.
- Possess and apply comprehensive knowledge across key tasks and high-impact assignments.
- Evaluate performance results and recommend major changes affecting short-term project growth and success.
- Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
- Ensure appropriate security controls are in place to safeguard digital files and vital electronic infrastructure.

Requirements:
- Active Secret security clearance
- 7 to 10 years of related experience
- DoD IAT Level II certification (one of the following): CCNA-Security, CySA+ (CSA+), GICSP, GSEC, Security+ CE, CND, SSCP
- CSSP-A certification (one of the following): CEH, GCIA, GCIH
- Experience with the following skills/tools: Mandiant Managed Defense (FireEye/Trellix NX), alert triage, SOC operations, Defense in Depth (DiD), Splunk, Security Orchestration, Automation and Response (SOAR), Amazon Web Services (AWS), EnCase

Location: No telework available. On-premises in Smyrna, GA.