Jobs · Information Technology · Indiana

CSSP Analyst, SME (Team Lead) P41

FEDITC · Indianapolis, IN · 5 mo ago
Information TechnologyFull-time

Overview Of Position

FEDITC seeks a CSSP Analysis Team Lead to work in the Indianapolis IN area, to direct 24/7 cybersecurity analysis, threat monitoring, and incident response operations for the DFAS Cybersecurity Service Provider (CSSP) program. This position provides subject matter expertise in security event correlation, threat intelligence, and incident handling across all DFAS CCE enclaves including unclassified and classified networks.

Responsibilities

  • Lead and supervise CSSP Analysis staff delivering 24/7 security event monitoring, analysis, and incident response
  • Direct real-time security event correlation, threat detection, and analysis using SIEM platforms (Splunk, ArcSight, Microsoft Sentinel)
  • Manage cyber security incident response including detection, containment, eradication, and recovery operations
  • Oversee threat intelligence integration, indicator of compromise (IOC) analysis, and threat hunting activities
  • Cook internal and external incident reporting per JFHQ-DODIN, Cyber Command, and DFAS requirements
  • Lead audit support, security assessments, and compliance validation activities
  • Direct vulnerability analysis, penetration testing coordination, and remediation tracking
  • Develop and maintain incident response plans, playbooks, and analysis procedures
  • Support CSSP program operations including accreditation documentation and scoring metric compliance
  • Cook with DFAS ISSM, security teams, and external stakeholders on security incidents and findings
  • Ensure 100% compliance with DoD CSSP Evaluators Scoring Metrics and reporting requirements

Qualifications

  • Minimum 10 years of cybersecurity analysis experience in DoD or Federal environments with increasing responsibility
  • Expert-level knowledge of security event analysis, threat correlation, and incident response methodologies
  • Demonstrated expertise with enterprise SIEM platforms (Splunk, ArcSight, Microsoft Sentinel)
  • Experience with cyber incident handling per NIST 800-61 and DoD incident reporting requirements
  • Strong knowledge of threat intelligence, malware analysis, and forensic investigation techniques
  • Experience with vulnerability management programs (ACAS, Nessus) and penetration testing
  • In-depth understanding of NIST 800-53, DISA STIGs, and DoD cybersecurity frameworks
  • Knowledge of DoD CSSP requirements, evaluations, and JFHQ-DODIN reporting
  • Proven ability to lead security analysis teams in high-pressure 24/7 operational environments
  • Ability to support COOP exercises and emergency operations

Preferred Qualifications

  • GIAC certifications (GCIA, GCIH, GCFA, GNFA)
  • SANS DFIR certifications or equivalent
  • Experience with classified network (JWICS) security operations
  • Splunk Certified Security Analyst or equivalent
  • Experience leading threat hunting programs
  • DFAS or DoD financial system security operations experience

Certifications

  • Cyber Defensive Analyst (Advanced) Playlist and CySA+ (or equivalent per 511 A)
  • Computing Environment (CE) certification required for privileged access roles

Cleaning Environment

  • Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested by FEDITC and/or required by FEDITC’s Client(s)/Customer(s)/Prime contractor(s).

Similar jobs