Job Description
The Cybersecurity Service Provider (CSSP) 24/7 Operations Team Lead serves as the senior subject matter expert (SME) and operational leader responsible for directing continuous cybersecurity monitoring, event analysis, incident response, vulnerability management, and security infrastructure operations across all assigned classified and unclassified enclaves. This role oversees a 24/7/365 cyber operations team and ensures operational compliance with DoD, Defense Cyber Defense Command (DCDC), U.S. Cyber Command, DISA, and Zero Trust cybersecurity requirements.
The Team Lead provides daily supervision of technical staff, leads mission-critical response operations, coordinates with senior Government stakeholders, and ensures the protection, detection, and defense of all Government IT assets in accordance with DoD cybersecurity policy frameworks.
Key Tasks & Responsibilities
Operational Leadership
- Lead, coordinate, and manage the 24/7 cyber operations team responsible for monitoring, detection, triage, and response across all network enclaves.
- Serve as senior operational authority for active cyber events, incident escalation, and enterprise security actions.
- Provide daily supervision, scheduling, and direction to CSSP operations staff in support of continuous monitoring requirements.
- Maintain situational awareness of cyber threats, adversarial activity, and operational risk across the environment.
- Provide expert-level technical direction, strategic advice, and operational guidance for all CSSP mission areas.
- Lead operational planning, milestone development, risk assessments, and major technical decisions.
- Oversee complex or mission-critical cybersecurity programs and ensure all technical requirements are met.
- Interface with senior Government leadership for incident reporting, operational decisions, and program priorities.
- Supervise junior staff and mentor technical team members.

Continuous Monitoring & Event Analysis
- Oversee 24/7 security event monitoring, log correlation, anomaly detection, and analysis of alerts.
- Ensure rapid detection of threats involving malware, unauthorized access, data exfiltration, insider activity, and network exploitation.
- Utilize SIEM platforms (e.g., ArcSight) and IDS/IPS technologies for real-time analysis.

Incident Response & Reporting
- Act as the central POC for Computer Emergency Response.
- Lead incident investigations, containment, eradication, and recovery actions.
- Provide internal and external incident reporting IAW DoD requirements.
- Support DoD-CERT and JFHQ-DODIN direction during cyber events.

Vulnerability & Patch Management
- Operate and manage enterprise vulnerability scanning platforms (ACAS).
- Conduct monthly scans, IAVA processing, remediation tracking, and POA&M development.
- Perform STIG compliance checks and secure baseline validation.

Security Infrastructure Support
- Oversee the operation and maintenance of enterprise security technologies including:
  - IDS/IPS
  - Endpoint Security System (ESS)
  - ACAS
  - Network perimeter defense tools
  - Traffic monitoring and forensic systems
  - Penetration testing solutions
  - SIEM tools
- Ensure performance, tuning, and configuration are optimized and aligned with Zero Trust architecture.

Security Audits & Compliance
- Perform audits on servers, workstations, network devices, and enclave infrastructure.
- Ensure compliance with:
  - DoDI 8500.01 (Cybersecurity)
  - DoDI 8510.01 (RMF)
  - DoDD 8140.01
  - DISA STIGs
  - IAVA requirements
  - CJCSM 6510.01
  - JFHQ-DODIN and U.S. Cyber Command directives
- Conduct Security Readiness Reviews (SRRs) and validate secure configurations.

Cybersecurity Program Execution
- Support the development and execution of a Cybersecurity Compliance Plan ensuring confidentiality, integrity, and availability (CIA) of Government systems.
- Participate in continuous monitoring and scoring programs including CMRS, Cyber Threat Score, Cyber Top 10, etc.

Documentation & Reporting
- Develop and maintain:
  - POA&Ms
  - AORs
  - Security Override Letters
  - Operational reports
  - Incident summaries
  - Vulnerability analysis reports
- Ensure timely reporting and corrective action planning for all non-compliance findings.

Change Control & Configuration Management
- Enforce strict change control procedures to prevent unauthorized system, network, and application changes.
- Ensure compliance with DoD-approved ports, protocols, and services (PPS) configurations.

Emerging Technology & Continuous Improvement
- Evaluate emerging technologies and recommend improvements to operational processes, monitoring capabilities, and threat detection techniques.
- Develop advanced operating procedures, troubleshooting guides, installation guides, and security documentation.

Functional Areas Supported
The CSSP 24/7 Operations Team Lead oversees or contributes to the following functions:
- Security Infrastructure Support Services
- Security Event Monitoring & Analysis
- Cybersecurity Incident Response
- Audit Support & Compliance Guidance
- Security Analysis & Reporting
- Cybersecurity Policy Review
- Information Assurance Vulnerability Management
- Mission Cloud & On-Premises Security Operations
- Emerging Technology & Process Improvement
- Cyber Program Operations & Planning

Desired Skills & Competencies
- Expert understanding of DoD cyber defense, enterprise security tools, and mission operations.
- Demonstrated ability to lead high-tempo cyber operations teams in a 24/7 environment.
- Strong communication skills to interface with senior Government leadership.
- Ability to balance mission urgency with compliance and structured processes.
- Advanced knowledge of SIEM, IDS/IPS, ESS, ACAS, STIGs, Zero Trust, and enterprise security architecture.
Education & Experience
Minimum Education
- Bachelor’s degree in a related field.
- Graduate-level degree preferred.
- Equivalent experience and industry certifications may substitute for formal education.

Minimum General Experience
- Ten (10) years of experience in Information Technology.
- At least eight (8) years of experience as a Security Administrator or in a similar technical role, or a closely related IT discipline involving oversight of large, complex, multi-site programs.
Certifications
- CISSP or equivalent required
- Information Assurance Technical (IAT) II required
- Computing Environment (CE) certification relevant to Microsoft, Linux, Cloud, or other privileged access technologies (required)
- ITIL required
- Must maintain all mandatory certifications
Security Clearance
- Must be a U.S. Citizen.
- Selective Service registration required (if applicable).
- Top Secret Security Clearance required
- Must maintain fitness and eligibility for national security positions
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
Onsite at customer location
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources at hr@cwsc.com.