NR Labs is looking for a candidate to provide mid-level security operations support. Responsibilities include:

• Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation.

• The ability to identify new data sources for determination of security events: analyze raw data sources to extract, institutionalize, and document actionable events and review existing security events and propose refinements, automation, and/or broaden handling capabilities as appropriate.

• The ability to communicate the current status of security: identify and report on metrics related to the operations of the team and identify and report on project status related to augmenting detection ability.

• Subject Matter Expert (SME) on two or more of the following: Log Analysis/Event Detection, Malware Analysis, Cloud Security, Network Access Control, Security Automation, Incident Response, Detection Engineering, Cyber Threat Hunting

• Has the ability to work with security tools that emulate adversary like actions and personnel to develop, document, and test detection mechanisms and to close the loop by working with the applicable teams to improve security by resolving findings.

• The ability to develop detailed multi month and resourced project plans providing timely updates.

• Works with executive management to determine acceptable levels of risk for the enterprise.

• Ability to lead in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.

• Interact with key stakeholders for troubleshooting/content development/etc.

• Coordinate incident response with security operations staff and serve as incident response or hunt lead.

• Has the ability to develop and document a hunt plan and the capability to develop standardized detection mechanisms based on the hunt plan.

• Ability to work with staff to develop a vision and independently lead the implementation of new capabilities.

• Ability to lead in the development and performance of quality control checks,

operational metrics and project management for Cybersecurity operations.

Required Qualifications & Education:

• Five (5) years’ experience in Information Technology, Cybersecurity, or a related field.
• Three (3) years' experience supporting cybersecurity operations.
• A minimum of one (1) year of hands-on experience leading Tier 3 incident responses and investigative expertise conducting incident responses.
• A minimum of one (1) year experience of cloud experience.

Clearance and Location Requirements:

• Able to be cleared for a Public Trust clearance.
• This position requires to be onsite 3 days per week in Washington, DC.