Foxhole Technology, Inc.

Lead Security Investigator

Job Locations: US-VA-Leesburg
Job ID: 2025-1944
Category: CyberSecurity
Type: Regular Full-Time
Clearance Required: Secret

Overview

Job Title: Lead Security Investigator

Clearance: Secret

Location:  Leesburg, VA 

 

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world.

 

Foxhole Technology is seeking a Lead Security Investigator to join our growing team in support of the Security Operations Center. The ideal candidate will have experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).

Job Description

  • Lead staff to proactively investigate and respond to security incidents.
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Ensure compliance with Service Level Agreements (SLA), process adherence and process improvisation to achieve operational objectives and mitigate threats.
  • Revise and develop processes to strengthen the current operational activities; review policies and recommend changes to improve governance.
  • Responsible for team management, overall use of resources, and initiation of corrective action where required for the Security Operations Center.
  • Responsible for leveraging standard and non-standard logs in the SIEM for investigations.
  • Coordinate with stakeholders to build and maintain positive working relationships.

Minimum Requirements

  • Minimum six (6) years IT experience with at least four (4) years in an IT Security position.

  • Qualified candidates must have a minimum of two (2) years of experience working in a SOC type operation for a government or commercial client.

  • Experience conducting analysis at the packet level.
  • Firewall administration experience (Check Point, etc.).
  • Experience with Snort and Cisco intrusion detection sensors.
  • Experience with Host-Based and Network-Based IDS.
  • Experience with Security Information Management Tools (ArcSight, Splunk, Sentinel, etc.).
  • AntiVirus, AntiSpyware, and Content Filtering solutions.
  • Cloud-based security monitoring tools.
  • Endpoint Detection and Response Tools.

Desired Experience/Certifications

  • Firewall administration experience.
  • Experience with intrusion detection sensors.
  • Experience with Security Information and Event Management Tools.
  • Experience with Hunt investigation tools in the Cloud.
  • Experience with Hunt investigations with EDR tools.
  • Experience with scripting languages such as Python.
  • CISSP and/or SANS/GIAC Certification (equivalent to two years of experience).

More Information

Requirements of position:  Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions.  Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others.  Must be able to see, have eye/hand coordination, and lift up to 10 lbs.  May be exposed to dust/dirt, humidity, and noise.

 

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military/veteran status, or any other protected class.
