What are the responsibilities and job description for the LCG Cybersecurity Specialist position at LCG Discovery Experts, LLC?
This role is intended for experienced cybersecurity professionals only.
Applicants with a primary background in general IT (help desk, system administration, network engineering) **will not be considered.** You must have real-world experience in Tier 2/3 SOC operations, malware analysis, forensics, or threat hunting. If your background is primarily help desk, IT support, or system administration, you will not be considered. We're looking for professionals who live and breathe security—not just work in IT.
The LCG Cybersecurity Specialist is a leadership position at LCG with overall responsibility for assigned matters, engagements, personnel, and operations within their assigned service area.
This position is a senior leadership and supervisory position, and as such the Cybersecurity Specialist will demonstrate the ability to effectively lead a team of individuals responsible for all facets of cybersecurity service delivery. This position will require a high level of communication with colleagues, other members of leadership, and the immediate team under supervision, as well as a focus on a team-based approach and achievement of LCG goals. The Cybersecurity Specialist will work with other leadership positions/colleagues to champion LCG’s Mission, Vision, and Values, inspiring the team to deliver exceptional service while upholding the highest ethical and professional standards.
The Cybersecurity Specialist is responsible for developing and executing a long-term vision for the cybersecurity division, optimizing team structure, resource allocation, and service delivery to meet LCG’s strategic objectives. Efforts will include the identification of business development opportunities/revenue streams, fostering and building new client relationships, managing clients and allocating appropriate resources to assigned engagements. The Cybersecurity Specialist reports to the COO/CEO.
General Responsibilities
· Supervise and manage teams in primary areas of responsibility
o Supervision includes detailed and complex cybersecurity response, investigations and ongoing client support.
· Lead in the delivery of cybersecurity and managed security services to contracted Clients including but not limited to:
o Incident response, monitored endpoint detection and response, vulnerability assessments, risk assessments, vulnerability scans, penetration testing, breach attack simulation, security awareness training, security information and event management systems, intrusion detection/prevention systems, threat hunting, tactical forensic analysis, forensic collection of digital artifacts and other valuable operational data, remediation efforts, threat intelligence assessments, research, development, red/blue team efforts and technical consulting.
o Actively engage in hands-on interpretation/analysis, and document findings, stepping into complex incidents as needed to guide response efforts and ensure technical excellence
· Assist with cybersecurity strategies, drafting of investigative protocols and engage in general oversight of LCG teams/personnel as they relate to assigned investigations
· Engage in direct high-level communication with clients, inside/outside counsel regarding potential/ongoing and/or past investigations.
· Engage in business development efforts to identify new clients, establish/build client relationships, foster partnerships, etc.
· Develop solid client relationships and establish ongoing “book of business”/revenue generation based upon established relationships
· Provide ongoing feedback to executive level leadership regarding investigations/matters/clients, etc. as needed
· Work directly with senior leadership to further LCG goals/business development, enhance internal processes, develop new/updated SOP, etc.
· Work professionally and effectively with other team members to complete assigned tasks.
· Implement third party tools to assist in detection, prevention and analysis of security threats.
· Monitor logs, events and designated systems for security breaches.
· Conduct and/or assist with deployment and management of software-based security awareness training and social engineering campaigns.
· Provide all necessary support for cybersecurity and managed security services, including after-hours support if required.
· Maintain cutting-edge expertise in cybersecurity practices and emerging threats, actively contributing to the evolution of LCG’s technical methodologies.
· Collaborate with other division heads to ensure cybersecurity integrates seamlessly with LCG’s broader operational and strategic goals
· Travel will be limited but some travel will be required as dictated by incident response/client needs.
· Other duties as assigned.
Supervisory Responsibilities
· Serve as the primary supervisor for team members including analysts, senior analysts, managers, etc.
· Serve as the primary project manager for ongoing cybersecurity projects involving LCG clients.
o Maintain client relationships and consistent communication with clients to ensure they are up to date on any active matters, investigations or projects.
· Ensure individual and team alignment with LCG Mission, Vision and Values
· Ensure compliance with all LCG Guidelines, SOP, Handbooks, confidentiality requirements, forensic protocols, contracts or any other guiding documents provided by LCG and/or clients in relation to services provided.
o Develop strategies to promote team member adherence to LCG Standards, guidelines and performance goals
· Monitor and manage day to day operations within area of responsibility and provide feedback to LCG Executives as needed
o Engage in ongoing mentoring and training to team members in areas requested or where deficiencies have been identified
o Monitor team members' participation to ensure the training they are being provided is being put into use, and also to see if any additional training is needed
· Ensure that any work/deliverables undergo peer review and meet the standards of LCG prior to submission to clients
· Drive team accountability and performance by setting clear goals, providing constructive feedback, and fostering a culture of excellence and innovation
o Answer team member questions, help with team member problems, and oversee team member work/deliverables for quality standards and compliance with SOPs, guidelines, protocols or other requirements
· Oversee budgeting and resource allocation for the cybersecurity division to ensure operational efficiency
· Communicate deadlines and service goals to team members
· Coordinate and run team meetings as needed to update members on best practices and continuing expectations
· Generate and/or share information relating to team performance, mission-related objectives, and deadlines with managing director(s) and other members of leadership upon request.
· Other duties as assigned
Business Development Responsibilities
· Spearhead business development initiatives, leveraging industry expertise to identify high-value opportunities, secure new clients, and expand LCG’s market presence in cybersecurity services
· Drive the growth of LCG’s cybersecurity service area by establishing a sustainable pipeline of clients and achieving annual revenue targets in collaboration with executive leadership
Required Qualifications
· Demonstrated experience with toolsets such as the Elastic Stack, Arkime, Zeek, Wireshark, Metasploit, tcpdump, NMap, Nessus, Snort, EnCase, and Forensic Toolkit
· Strong knowledge of Windows Fundamentals, UNIX/Linux fundamentals, and adversary Tactics, Techniques, and Procedures (TTPs), such as initial access, credential access, privilege escalation, persistence, lateral movement, and exfiltration
· Experience with scripting and Command Line tools, such as UNIX/Linux Bash, Windows Command Line Interface (CLI), PowerShell, and Python
· Proficient in writing, editing, and executing scripts on Windows and UNIX/Linux systems
· Experience with encrypted and unencrypted remote access technologies, such as RDP, SSH, VPN, Telnet, and FTP
· General knowledge of cyber security frameworks, such as the Cyber Kill Chain, MITRE ATT&CK, and the NIST 800 series
· General knowledge of physical computer components and architectures, including the functions of computer domains, directory services, various components and peripherals, basic programming concepts, assembly codes, TCP/IP, OSI models, underlying networking protocols (e.g., DNS, ARP, etc.), security hardware and software
· Proficient in collecting and analyzing digital data, recording detailed notes, and documenting findings in reports
· Proficient in the delivery and monitoring of: active endpoint detection and response systems; intrusion detection systems and security information and event management systems; risk assessment tools, technologies and methods; vulnerability scanning tools and methodology.
§ Qualys or other vulnerability management solutions
§ SentinelOne or other EDR solutions
§ Elastic (ELK) or other SIEM solutions
· Other proficiencies not required but desired:
o Microsoft Active Directory administration, Microsoft 365 administration.
o Programming and scripting skills are a bonus (C#, C++, Perl, Python, JavaScript, PowerShell).
General Skills Include:
· Passion for cybersecurity and willingness to learn
· Excellent interpersonal and communication skills
· Excellent writing and presentation skills
· Ability to problem solve
· Ability to lead a team of cyber operators
· Ability to interact with C-suite, non-technical and technical people
· The ability to thrive in fast-paced, high-stress situations
Salary: $95,000 - $120,000