Location: Arlington, VA

Job ID: 5880

Capital TechSearch is looking for a Director of Security Operations. In this role you are responsible for the development and day-to-day management of agile, real-time security operations capabilities, including cyber threat hunting, malware response and research, advanced security monitoring, incident response, forensics, and vulnerability management.

The position requires a strategic and hands-on technical cybersecurity leader who understands business operations and IT and security technologies, and who will use that knowledge to oversee the implementation of an effective security operations program: one that maintains the organization's real-time security posture and is aligned with business needs and with the actual and evolving threat landscape.


  • Develop and lead a top-tier, advanced security monitoring and threat intelligence operation that combines an MSSP (L1/L2), third-party cloud and intelligence vendors, and in-house security teams
  • Produce L3 analysis and actionable reports on newly identified and suspected threats, for the purposes of accurate mitigation and further threat and vulnerability detection
  • Develop a best-in-class threat intelligence capability to monitor external, internal, open source, and deep and dark web information for relevant cyber threats, incidents, and/or actionable cyber activity
  • Assess IT and security logs from hosts and networks to identify specific patterns of activity or to generate statistical threat and vulnerability summaries
  • Develop security monitoring and advanced lateral movement detection analytics specific to non-traditional technology areas such as global cloud service providers, Docker, Kubernetes, and container-based environments
  • Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, and campaigns (phishing/spear phishing/watering hole)
  • Support other IT and security teams with the analysis of complex security alerts and network traffic to determine the existence or extent of potential threats and the remediation/response requirements
  • Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs
  • Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources
  • Develop and maintain behavioral- and signature-based threat-driven use-cases
  • Assess events based on factual information immediately present, available external context and analysis, and wider knowledge and experience with IT systems
  • Proactively drive improvements of internal processes, procedures, and threat and vulnerability management workflows
  • Participate in the testing, recommendation, and integration of new security monitoring and analytical tools
  • Deliver results within given time frames, ensuring work is consistent, well documented, and in line with team standards at all times
  • Take ownership for the growth of a world-class team and their professional career development

Experience and Qualifications:

  • 8+ years of experience working in an information security or IT operations related field in an enterprise environment
  • BS degree in computer science, networking, engineering, or another computer-related field of study, or certifications such as GIAC certifications (GCIH, GCFE, GCFA, GREM, GNFA) or Offensive Security certifications (OSCP, OSCE)
  • Demonstrated experience managing security operations and threat hunting teams with a focus on L3 analysis of events, malware, network forensics, and complex incidents
  • Experience with Splunk (SPL) or other query languages (e.g., SQL); ELK experience a big plus
  • Experience creating customized security log analysis and detection capabilities using programming and development expertise, including Java, Python, shell scripting, and regular expressions
  • Fluent in the use and monitoring of all major operating system platforms (e.g., Windows, Linux/Unix, macOS)
  • Solid understanding of hosted virtual environments and cloud/container platforms (e.g., vSphere, Kubernetes, AWS, GCP)
  • Experience with network forensics tools (e.g., Wireshark, NetWitness)
  • Specific knowledge of CrowdStrike, Splunk, Proofpoint, and other best-of-breed security tools is critical
  • Deep understanding of TCP/IP and computer networking
  • Knowledge of the functions of security technologies such as IPS/IDS, firewalls, SIEM
  • Experience in the intelligence process, collecting relevant data, creating analytic products, and reporting metrics
  • Experience synthesizing and enriching event data with threat intelligence to create actionable intel
  • Experience creating company-specific dashboards, tools, and data sets with open source tools (Maltego, MISP, etc.)
  • Prior work experience in financial services or social media / real-time operations environments
  • Ability to work in a fast-paced, high-tech environment, juggling multiple priorities while meeting deadlines
  • Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment

To be immediately and seriously considered for this exceptional opportunity please apply below. Your responses will be held in the strictest confidence.

Please call our office if you have any questions. Capital TechSearch, Inc. is an Equal Opportunity Employer.

Apply for this position

  • Accepted file types: doc, docx, pdf, txt.
  • Add any additional information in the notes that describes your value and fit for the position. Additional considerations may include your availability, compensation, and if you are not local to the position, your interest in relocating.

By clicking "Apply" you agree to receive new job updates, information and news from Capital TechSearch, Inc. You can always unsubscribe from our communications at any time.