Risk and Integration Lead

Risk And Integration Lead

Sentar is proud to be an employee-owned company, fostering a culture of empowerment, collaboration, and innovation. Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the team where you can build, innovate, and secure your career.

Sentar is seeking a Risk And Integration Lead in Charleston, SC.

The Naval Information Warfare Center (NIWC) Atlantic Cybersecurity Service Provider (CSSP) Operations Management, Evaluation, and Training (COMET) Team assists the CSSP Director in defining CSSP Service Area Requirements, identifying process improvement projects, and providing support in the defensive cyber operations (DCO) monitoring and incident response functions for the IPT. COMET provides ancillary support in fulfilling inherently government responsibilities associated with Operations.

The COMET personnel assist the CSSP Director and CSSP Deputy Director with a range of responsibilities related to cybersecurity operations. This includes assisting in CSSP operations oversight, prioritization, and decision-making, as well as overseeing technical cyber monitoring and incident response within the CSSP during their local daytime shift. They will provide updates to the CSSP Director and other stakeholders and drive continuous improvement by defining new methodology for Operations' scalability through proactive research, evaluation, and implementation of novel tools, capabilities, and processes.

The COMET personnel will monitor resources and advocate for the operational needs of Operations, performing continuous learning and acting as Subject Matter Experts for various cybersecurity skillsets for the CSSP Service Area's teams. They will provide surge support during high criticality cyber incidents, as directed by the CSSP Director.

The COMET personnel will identify opportunities within the CSSP for process improvement and maximize the use of CSSP Service Area shared resources across internal CSSP teams. They will generate CSSP Service Area process improvement project proposals and track their completion with ancillary teams and the prime contract company.

Serves as the central POC for internal CSSP risk management, ensuring visibility and timely escalation. Supports subscriber onboarding and sustainment, coordinating integration across service areas. Maintains requirements, issues, and gap logs to ensure accuracy, traceability, and resolution across the IPT.

Impact of Position – CSSP Risk & Integration Lead

• Improves risk posture through centralized tracking and visibility for leadership decision making and prioritizing initiatives
• Ensures subscriber visibility and monitoring from onboarding and throughout sustainment
• Improves program execution by identifying and resolving risks early
• Enhances coordination across Operations Leads and service areas
• Supports mission continuity by identifying trends and gaps early

The successful candidate will have a strong technical understanding of cybersecurity operations and experience in managing and overseeing technical cyber monitoring and incident response. They will have excellent communication and problem-solving skills, as well as the ability to work collaboratively with cross-functional teams. They will also have a deep understanding of incident response processes and procedures and be able to apply this knowledge in driving continuous improvement and defining new methodology for CSSP Service Area scalability.

Qualifications:

Required skills, years, experience with technology, etc. needed:

• Understanding of modern cyber defense policies, procedures, and regulations, such as defense-in-depth principles, intrusion detection methodologies, and incident response frameworks.
• Identification of appropriate response actions associated with different cybersecurity event scenarios as well understanding of the different classes of attacks and knowledge of general attack stages (cyber kill chain).
• Ability to communicate in both written and verbal format to stakeholders, tailored at either non-technical or technical levels as required.
• Ability to direct, coach, and mentor floor analysts both outside cybersecurity events as part of skills development and during cybersecurity events as a Subject Matter Expert and surge support.
• Skill in providing informed opinions to leadership during a high-pressure situation and to support leadership in coordinating available resources to resolve the situation.
• Ensures problems are communicated from analysts up to leadership and follows up between all parties to ensure resolution of problems.
• Analyzes, tracks, and directs own workflow to ensure efforts are placed on projects that will improve the workflow and services the Ops Watch Floor provides.
• Remains self-disciplined and ensures timely completion of tasks.

Highly Desired Skills:

• Knowledge of reverse engineering and malware analysis such as familiarity with program memory structure, compilation, and assembly, as well as ability to read code, de-obfuscate code, and determine if code is malicious or benign.
• Knowledge of programming language structures and logic, secure coding techniques, and familiarity with computer science sub-fields such as information theory, cryptography, computer security, operating systems, networks, and embedded systems.
• Experience presenting to senior (GS15/O5+) Leadership
• Knowledge of DoD Cyber policies and compliance guidelines
• Familiarity with CJCSM 6510.01B Cyber Incident Handling Program
• Working knowledge of common DCO tools
• Familiarity with SaFE methodology and Atlassian products (Jira, Confluence, etc.)

To be considered minimally qualified:

• To be considered minimally qualified for this position, applicants must demonstrate that they have the required IT-related experience for the respective grade level. This experience may be demonstrated through paid or unpaid experience or completion of specific intensive training, such as IT certification.
• The basic requirement is that applicants must have IT-related experience demonstrating each of the four competencies listed below:
• Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
• Customer Service - Works with clients and customers to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
• Oral Communication - Expresses information effectively, taking into account the audience and nature of the information; makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
• Additional duties for this position include aiding in establishing CSSP Service Area requirements for the defense, integration, and analysis of subscriber networks to ensure quality output in all processes. The individual will oversee and validate network intrusion detection, monitoring, and correlation analysis; incident response; and network and host-based digital forensics as necessary to support CSSP mission execution.
• The successful candidate will serve as the designated GOV technical authority for a specified CSSP Service Area service offering, such as DCO monitoring/incident response, User Activity Monitoring (UAM), Cyber Threat Intel (CTI), or cyber threat hunting and malicious cyber activity detection creation. They will communicate significant updates to stakeholders and CSSP Director regarding cyber incidents, outages, and other significant activity. They will maintain awareness of any CSSP risks that may impact the ability to execute CSSP Service Area service delivery or be mitigated by changes to CSSP Service Area processes.
• The individual will provide professional and technical guidance to CSSP Service Area personnel on cybersecurity subject matters. They will demonstrate advanced technical proficiency in IR methodologies and tools, leading development of training, documentation, and process improvement, as well as overseeing technical mission execution during cyber events. They will provide technical direction to contractors and other teams within the NIWC Atlantic CSSP Service Area department to steer the overall incident response plan and recovery actions.
• The individual will attend meetings in support of CSSP Service Area to identify operational issues and process improvement opportunities as the designated GOV technical cyber SME. They will identify, create, and oversee projects for furthering the operational capability of the Floor. They will work with the prime contracting stakeholders remotely to execute and verify output of project requirements.
• The individual will provide any necessary unfulfilled communications, technical, or administrative support to Floor personnel in the event of a significant breach. They will act as surge support civilian oversight for the CSSP Service Area in the case of the unavailability of the CSSP Director or CSSP Deputy Director.
• The individual will prioritize and ensure CSSP mission execution aligns with requirements (CJCSM 6510.01B, DoD O-8530.1-M, and ESM. They will possess knowledge of the following concepts: Network and host-based activity correlation in tools such as Splunk, Elastic, and Microsoft Sentinel; Full packet capture (PCAP) analysis; IDS/IPS solutions; Advanced writing skills; Basic digital forensics concepts and tools.
• The successful candidate will have experience in managing and overseeing technical cyber monitoring and incident response, as well as a strong understanding of cybersecurity operations. They will have excellent communication and problem-solving skills, as well as the ability to