cFocus Software Incorporated

Remote Jobs

27 open roles
Latest: May 9, 2026, 6:41 PM UTC

Role Description
The Cyber Threat Intelligence Analyst supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by delivering advanced cyber threat intelligence, threat analysis, proactive threat hunting, and operational cybersecurity support services. The Cyber Threat Intelligence Analyst is responsible for:
- Collecting, analyzing, correlating, and disseminating actionable cyber threat intelligence to support the SBA Security Operations Center (SOC), cybersecurity operations, incident response activities, and enterprise risk mitigation efforts.
- Supporting 24x7x365 cybersecurity operations through advanced analysis of indicators of compromise (IOCs), adversary tactics, techniques, and procedures (TTPs), emerging vulnerabilities, and threat actor activity impacting federal information systems and cloud environments.

Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Intelligence Studies, Information Assurance, or related discipline. Relevant experience may substitute for degree requirements.
- Minimum of 5 years of experience supporting cybersecurity operations, cyber threat intelligence, threat hunting, incident response, or SOC operations.
- Experience analyzing threat intelligence, indicators of compromise, adversary TTPs, and cybersecurity attack methodologies.
- Hands-on experience with SIEM, EDR, IDS/IPS, network analysis, and cyber defense tools.
- Experience conducting threat hunting and advanced event correlation across enterprise environments.
- Knowledge of federal cybersecurity frameworks and guidance including NIST SP 800-61, NIST SP 800-53, and CISA operational guidance.
- Understanding of MITRE ATT&CK framework and cyber kill chain methodologies.
- Experience with cloud security monitoring and threat analysis in Microsoft Azure, AWS, Microsoft 365, and hybrid environments.
- Strong analytical, investigative, communication, and reporting skills.
- Ability to support 24x7x365 cybersecurity operational environments.

Requirements
- Provide cyber threat intelligence and operational analysis support for the SBA SOC in support of Task Area 3.5.3 Cybersecurity Operations Support.
- Conduct proactive cyber threat hunting activities across enterprise systems, cloud environments, endpoints, and network infrastructure.
- Analyze indicators of compromise (IOCs), threat actor tactics, techniques, and procedures (TTPs), malware behaviors, and emerging cyber threats.
- Monitor and evaluate cyber threat intelligence feeds, vendor reporting, CISA advisories, US-CERT alerts, and external intelligence sources.
- Perform advanced correlation and analysis of security events, SIEM data, IDS/IPS alerts, EDR telemetry, DNS logs, firewall logs, and network traffic.
- Support incident response and cybersecurity investigations through intelligence-driven analysis and threat attribution support.
- Develop cyber threat intelligence reports, operational briefings, situational awareness products, and executive-level summaries.
- Assist with the identification of previously unknown attack vectors and suspicious activity through threat hunting and anomaly analysis.
- Support digital forensics and incident analysis activities in coordination with SOC analysts, engineers, and incident responders.
- Develop and maintain threat intelligence playbooks, threat models, attack scenarios, and adversary profiles.
- Perform analysis of cloud security events and cyber threats impacting Microsoft 365, Azure, AWS, Salesforce, and hybrid cloud environments.
- Conduct research on advanced persistent threats (APTs), ransomware groups, insider threats, nation-state actors, and emerging cyber attack trends.
- Provide recommendations for defensive countermeasures, detection logic improvements, and enhanced security monitoring capabilities.
- Assist in the development of threat signatures, SIEM use cases, detection analytics, and threat detection content.
- Support continuous improvement of cybersecurity operations, threat intelligence workflows, and incident response processes.
- Coordinate with federal stakeholders, law enforcement, privacy officials, insider threat teams, and mission partners during cyber incident activities.
- Document investigative findings, intelligence assessments, and operational actions within case management and reporting systems.
- Participate in SOC operational meetings, shift briefings, incident coordination calls, and cybersecurity readiness activities.
- Maintain awareness of evolving cybersecurity technologies, federal threat reporting requirements, and NIST cybersecurity guidance.
- Support cybersecurity communications, intelligence sharing, and collaboration activities across the SBA enterprise.

Benefits
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- Certified Information Systems Security Professional (CISSP)
- CompTIA CySA+
- Certified Ethical Hacker (CEH)
- Splunk Enterprise Security Certified Admin
- Microsoft Security Operations Analyst Associate (SC-200)

United States
Job Closed

Role Description
The Privacy and Controlled Unclassified Information (CUI) Lead supports the Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program by leading enterprise privacy, controlled unclassified information (CUI), data governance, and regulatory compliance initiatives. The Privacy and CUI Lead is responsible for managing privacy compliance activities, CUI governance processes, risk management coordination, data protection initiatives, privacy impact assessments, policy development, training support, audit coordination, and continuous monitoring activities supporting SBA systems, applications, cloud services, and enterprise operations. The role serves as the primary interface between program stakeholders, cybersecurity teams, system owners, legal personnel, and agency leadership regarding privacy and sensitive information protection requirements.
- Lead SBA enterprise privacy and Controlled Unclassified Information (CUI) management activities supporting the ECS program.
- Provide oversight and coordination for Task Area 3.5.5 Privacy and Controlled Unclassified Information Support activities.
- Develop, implement, update, and maintain privacy and CUI policies, procedures, standards, governance documentation, and operational processes.
- Support compliance with applicable federal privacy and information protection requirements including the Privacy Act of 1974, FISMA, OMB Circular A-130, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, and SBA cybersecurity/privacy policies.
- Lead Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), data flow reviews, and privacy compliance assessments for SBA systems and services.
- Manage CUI identification, categorization, marking, handling, safeguarding, dissemination, storage, and destruction activities in accordance with federal standards.
- Coordinate privacy and CUI risk management activities with ISSOs, system owners, cybersecurity operations teams, legal counsel, and agency stakeholders.
- Support implementation and assessment of privacy and security controls across enterprise systems, cloud environments, SaaS platforms, and hybrid infrastructures.
- Provide guidance regarding data minimization, records retention, information sharing, encryption, and data protection best practices.
- Support ongoing authorization, continuous monitoring, and security assessment activities related to privacy and CUI controls.
- Assist with cybersecurity incident response and breach response activities involving personally identifiable information (PII) or CUI exposure.
- Coordinate audit support activities for privacy, CUI, FISMA, Inspector General (IG), GAO, and internal compliance reviews.
- Develop and maintain enterprise privacy and CUI dashboards, metrics, risk registers, and reporting mechanisms.
- Support enterprise risk management (ERM) activities related to privacy risks, data protection risks, and sensitive information exposure.
- Coordinate and deliver privacy and CUI awareness training, onboarding support, and role-based training initiatives.
- Provide strategic recommendations regarding privacy governance, data protection technologies, and federal compliance initiatives.
- Support FedRAMP continuous monitoring activities involving privacy and CUI requirements for cloud service providers.
- Review system architectures, data flows, and operational processes to identify privacy risks and recommend mitigation strategies.
- Ensure all deliverables align with SBA implementation procedures, federal mandates, and applicable accessibility requirements including Section 508.
- Lead cross-functional coordination meetings involving cybersecurity, compliance, operations, legal, and program management personnel.
- Provide management oversight, task coordination, schedule management, quality assurance, and status reporting for assigned privacy and CUI initiatives.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, Public Policy, Business Administration, Computer Science, Legal Studies, or related field. Relevant experience may substitute for degree requirements.
- Minimum of 10 years of experience supporting federal cybersecurity, privacy, compliance, information assurance, governance, risk management, or CUI-related programs.
- Minimum of 5 years of experience leading enterprise privacy, compliance, governance, or cybersecurity initiatives.
- Extensive knowledge of federal privacy regulations, cybersecurity frameworks, and controlled unclassified information requirements.
- Experience supporting NIST Risk Management Framework (RMF), FISMA compliance, and federal cybersecurity assessment activities.
- Strong understanding of NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, Privacy Act requirements, FedRAMP, OMB A-130, and Zero Trust principles.
- Experience developing privacy documentation, compliance reports, governance processes, risk assessments, and executive-level briefings.
- Experience supporting cloud security and privacy compliance across Azure, AWS, Microsoft 365, Salesforce, or SaaS environments.
- Strong project management, analytical, communication, and stakeholder engagement skills.
- Experience coordinating cross-functional teams in complex federal IT and cybersecurity environments.
- Excellent written communication and technical documentation skills.
- Experience supporting federal agencies or government cybersecurity/privacy environments preferred.

Preferred Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Professional/Government (CIPP/G)
- Certified Information Privacy Manager (CIPM)
- Certified Information Systems Auditor (CISA)
- Certified Authorization Professional (CAP)
- Project Management Professional (PMP)
- Certified in Risk and Information Systems Control (CRISC)
- GIAC Information Security Fundamentals (GISF)
- Federal Risk and Authorization Management Program (FedRAMP) experience
- ITIL Foundation Certification

United States
Job Closed

Role Description
The Cyber Senior Program Manager shall provide executive-level leadership, oversight, coordination, and management for enterprise cybersecurity operations and compliance activities supporting the U.S. Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) effort. The individual will be responsible for the successful execution of all contract requirements associated with Program Management identified in Task Area 3.5.1 of the Performance Work Statement (PWS), including management of contractor personnel, subcontractors, schedules, deliverables, quality assurance, financial reporting, and customer engagement activities.

Key Responsibilities
- Serve as the primary point of contact between the Contractor and SBA leadership, Contracting Officer (CO), Contracting Officer Representative (COR), and stakeholders.
- Provide overall program leadership, strategic direction, administration, and quality control for all ECS task areas and cybersecurity operations.
- Develop, maintain, and execute the Program Management Plan (PMP), including transition planning, staffing strategies, risk management, quality management, and work breakdown schedules.
- Manage contractor and subcontractor personnel supporting enterprise cybersecurity, RMF, SOC, incident response, vulnerability management, and compliance activities.
- Monitor contract performance to ensure compliance with all RFQ, PWS, SLA, QASP, federal cybersecurity mandates, and agency requirements.
- Lead monthly Program Management Reviews (PMRs), status meetings, executive briefings, and stakeholder engagements.
- Prepare and deliver project status reports, financial reports, staffing reports, meeting minutes, and other contractual deliverables.
- Coordinate resolution of programmatic, operational, technical, staffing, and performance issues while ensuring timely communication with the Government.
- Provide oversight for cybersecurity initiatives aligned with NIST, FISMA, FedRAMP, Zero Trust, OMB directives, and SBA cybersecurity policies.
- Ensure all program deliverables meet quality standards, Section 508 compliance requirements, and established timelines.
- Support workforce planning, surge support requirements, and 24x7x365 cybersecurity operational readiness.
- Maintain awareness of emerging cybersecurity threats, technologies, and federal compliance requirements to support continuous program improvement.
- Support risk management activities, escalation procedures, and mitigation strategies across all task areas.
- Ensure all personnel maintain required certifications, background investigations, and security eligibility requirements.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, Business Administration, or related discipline. Master’s degree preferred.
- Minimum of fifteen (15) years of progressive experience managing large-scale federal cybersecurity and information technology programs.
- Minimum of ten (10) years of experience leading enterprise cybersecurity initiatives supporting federal agencies.
- Demonstrated experience managing programs involving RMF, FISMA, SOC operations, vulnerability management, incident response, continuous monitoring, and compliance reporting.
- Experience managing geographically dispersed teams in hybrid and/or 24x7 operational environments.
- Strong knowledge of NIST SP 800-series publications, OMB mandates, FedRAMP, Zero Trust Architecture, and federal cybersecurity frameworks.
- Demonstrated ability to manage budgets, schedules, staffing, subcontractors, risk management, and executive communications.
- Excellent verbal and written communication skills, including executive-level reporting and briefing experience.
- Project Management Professional (PMP) certification preferred.
- Relevant cybersecurity certification(s) such as CISSP, CISM, GSLC, or equivalent preferred.
- Ability to obtain and maintain a Moderate Risk background investigation; must be eligible for Top Secret clearance if required during contract performance.

Desired Experience
- Experience supporting SBA, DHS, CISA, or other civilian federal agencies.
- Experience leading enterprise cybersecurity modernization and Zero Trust initiatives.
- Experience managing cybersecurity operations in cloud and hybrid environments including AWS, Azure, Microsoft 365, and SaaS platforms.

United States
Job Closed

Role Description
The Cyber Threat Intelligence & Threat Hunting Lead will oversee integrated cyber threat intelligence (CTI), detection engineering, and proactive threat hunting operations supporting enterprise cyber defense missions. The Lead will drive development of intelligence-driven detections, hunt methodologies, adversary tracking, SIEM content engineering, and operational threat-informed defense capabilities.
- Lead CTI, detection engineering, and threat hunting operations.
- Develop intelligence-driven detection and hunt strategies.
- Produce operational and strategic threat intelligence reporting.
- Develop and maintain SIEM detections, analytics, correlation rules, behavioral detections, and hunt playbooks.
- Conduct hypothesis-based threat hunting aligned to MITRE ATT&CK, adversary TTPs, malware campaigns, and emerging threats.
- Integrate CTI into SOC workflows, detection engineering, and incident response operations.
- Analyze malware trends, adversary infrastructure, campaigns, indicators, and attack patterns.
- Support automation and SOAR integration initiatives.
- Brief executives and technical leadership on emerging threats and operational risk.

Qualifications
- 10+ years of cybersecurity operations experience.
- 5+ years supporting CTI, threat hunting, or detection engineering programs.
- Experience with Splunk, Sentinel, CrowdStrike, EDR telemetry, detection content engineering, and intelligence platforms.
- Strong understanding of MITRE ATT&CK, adversary tradecraft, malware analysis, and intelligence analysis methodologies.
- Experience developing SIEM detections, hunt analytics, detection tuning, and operational reporting.

Preferred Certifications
- GCTI
- GCFA
- GCIH
- GMON
- GCDA
- CISSP
- Splunk Security certifications

United States

Role Description
The SOC Operations Lead will oversee 24x7x365 Security Operations Center (SOC) and Managed Detection & Response (MDR) operations supporting a large federal enterprise environment. The Lead will direct SOC analysts, incident responders, and MDR personnel responsible for security monitoring, alert triage, incident analysis, escalation, containment coordination, reporting, and continuous operational improvement. The ideal candidate possesses deep experience leading enterprise SOC operations supporting federal agencies, including SIEM operations, endpoint detection and response (EDR), cloud security monitoring, incident coordination, and executive cyber reporting.

Key Responsibilities
- Lead enterprise SOC and MDR operations supporting on-premises and cloud environments.
- Oversee 24x7 monitoring, detection, triage, and escalation activities.
- Direct operational workflows for SIEM monitoring, alert management, incident coordination, case management, and operational reporting.
- Manage analyst teams supporting Splunk, Microsoft Sentinel, CrowdStrike, Sysmon, Windows event logging, and cloud telemetry platforms.
- Develop and maintain SOC SOPs, playbooks, runbooks, escalation matrices, and reporting procedures.
- Lead operational metrics reporting including MTTD, MTTR, false positive rates, automation effectiveness, analyst productivity, and incident impact assessments.
- Coordinate closely with Threat Hunting, CTI, Detection Engineering, and Incident Response teams.
- Brief executives and government leadership on significant incidents, operational trends, and emerging threats.
- Support proposal development, oral presentations, staffing, and transition planning.

Qualifications
- 10+ years of cybersecurity operations experience.
- 5+ years leading enterprise SOC or MDR environments.
- Experience supporting federal civilian or DoD environments.
- Experience managing large-scale SOC operations in environments exceeding 10,000+ users, enterprise cloud environments, and large SIEM deployments.
- Experience with Splunk Enterprise Security, Microsoft Sentinel, CrowdStrike, EDR/XDR platforms, SOAR technologies, and cloud security monitoring.
- Deep understanding of MITRE ATT&CK, incident response, detection engineering, and threat-informed defense.
- Strong executive briefing and oral presentation skills.

Preferred Certifications
- CISSP
- GCIA
- GCIH
- GMON
- GSOC
- Splunk Architect/Admin certifications
- Microsoft Security certifications

United States

Role Description
cFocus Software seeks a SOC Analyst to join our program supporting the Federal Communications Commission (FCC). This position is remote and requires the ability to obtain a Public Trust clearance.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
- Experience in cybersecurity operations, incident response, or related SOC environment.
- Familiarity with enterprise IT environments, networks, and security technologies.
- Ability to analyze and interpret security data and alerts.
- Experience with SIEM platforms (e.g., Splunk, QRadar, Sentinel).
- Knowledge of endpoint detection and response (EDR) tools.
- Understanding of networking fundamentals (TCP/IP, DNS, HTTP, etc.).
- Familiarity with threat intelligence and common attack techniques.
- Strong analytical and problem-solving skills.
- Ability to work in a fast-paced, 24x7 operational environment.
- Effective communication and documentation skills.

Requirements
- Role-appropriate cybersecurity certifications demonstrating competency in security operations and incident response.
- Examples include: CompTIA Security+, CySA+, CEH, GSEC, or other relevant certifications.

Duties
- Monitor security events and alerts using SIEM and other security monitoring tools.
- Analyze logs, alerts, and network traffic to identify potential security incidents.
- Perform incident triage, investigation, and escalation in accordance with established procedures.
- Document incidents, findings, and response actions in ticketing systems.
- Support incident response activities and coordinate with internal teams as needed.
- Follow and maintain SOPs, playbooks, and response procedures.
- Identify false positives and tune detection rules where appropriate.
- Support vulnerability management and threat detection initiatives.
- Participate in continuous improvement of SOC processes and capabilities.

United States

Role Description
cFocus Software seeks an ISSO Lead to join our program supporting the Federal Communications Commission (FCC). This position is remote and requires the ability to obtain a Public Trust clearance.
- Lead RMF lifecycle activities including system authorization, reauthorization, and continuous monitoring.
- Develop, maintain, and update security documentation including SSPs, CMPs, contingency plans, and A&A packages.
- Manage POA&Ms, risk acceptances, and remediation tracking across enterprise systems.
- Serve as liaison between business units and the Office of the CISO.
- Support vulnerability management, configuration management, and compliance monitoring.
- Lead internal controls testing and Security Control Assessments (SCA).
- Coordinate and support internal/external audits (e.g., FISMA, OIG).
- Maintain authorization boundary documentation and configuration deviation tracking.
- Support risk analysis, reporting, and continuous improvement initiatives.
- Facilitate weekly security meetings and stakeholder coordination.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
- 8+ years of experience in cybersecurity, compliance, or risk management.
- Demonstrated experience with RMF, NIST SP 800-53, and federal compliance frameworks.
- Experience supporting A&A, POA&M management, and continuous monitoring programs.
- Experience in enterprise-scale cybersecurity environments.
- Experience with federal environments (FISMA, NIST frameworks).
- Experience with GRC tools (e.g., Xacta).
- Strong leadership, communication, and stakeholder engagement skills.

Requirements
- CISSP (Certified Information Systems Security Professional) OR equivalent certification in information security governance/risk.

United States

Role Description
cFocus Software seeks a Threat Intelligence/Threat Hunting Analyst to join our program supporting the Federal Communications Commission (FCC). This position is remote and requires the ability to obtain a Public Trust clearance.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
- Experience in threat intelligence, threat hunting, or cybersecurity operations.
- Experience analyzing logs, network traffic, and endpoint data.
- Knowledge of MITRE ATT&CK framework and cyber threat lifecycle.
- Familiarity with NIST frameworks and RMF processes.
- Strong analytical and investigative skills.
- Experience with SIEM platforms (e.g., Splunk, QRadar).
- Experience with EDR/XDR tools.
- Scripting skills (Python, PowerShell) for automation and analysis.
- Knowledge of cloud security monitoring.
- Strong written and verbal communication skills.

Requirements
- Role-appropriate cybersecurity certifications (e.g., Security+, CySA+, CEH, GCIH, or equivalent).
- Additional certifications in threat intelligence or incident response are preferred.

Duties
- Conduct proactive threat hunting across enterprise networks, endpoints, and cloud environments.
- Analyze threat intelligence feeds, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs).
- Correlate data from SIEM, EDR, and other security tools to detect malicious activity.
- Develop and refine detection rules, use cases, and hunting methodologies.
- Investigate security incidents and support incident response activities.
- Produce threat intelligence reports and briefings for stakeholders.
- Track emerging threats and assess potential impact to the organization.
- Support continuous monitoring, RMF processes, and compliance reporting.
- Collaborate with SOC, vulnerability management, and engineering teams.

United States

Role Description
cFocus Software seeks a Sr. Application Developer (JavaScript/ArcGIS Experience Builder) to join our program supporting the United States Secret Service (USSS). This position is remote and requires the ability to obtain a Public Trust clearance.
- Design, develop, and maintain secure, scalable web applications using JavaScript, React, and modern front-end frameworks.
- Develop user-facing GIS applications and dashboards that integrate with ArcGIS Enterprise, ArcGIS REST APIs, and geospatial services.
- Collaborate with GIS architects, system engineers, and back-end developers to implement end-to-end solutions.
- Develop reusable UI components and application frameworks following best practices.
- Ensure applications meet performance, scalability, and availability requirements.
- Implement secure coding practices aligned with DHS and USSS cybersecurity requirements.
- Support SELC activities including requirements analysis, design reviews, testing, deployment, operations, and disposition.
- Participate in Agile development activities including sprint planning, daily standups, demos, and retrospectives.
- Develop and maintain technical documentation, code repositories, and configuration artifacts.
- Integrate applications with CI/CD pipelines and automated testing frameworks.
- Support application security testing, vulnerability remediation, and code reviews.
- Ensure Section 508 accessibility compliance for all developed applications.
- Provide Tier 3 support for application issues, incident response, and system enhancements.

Qualifications
- Bachelor’s degree in Computer Science, Software Engineering, Information Systems, or related field (or equivalent experience).
- Minimum of 10 years of experience in application development, with strong emphasis on JavaScript and React.
- Demonstrated experience developing enterprise-scale web applications.
- Hands-on experience integrating with GIS platforms such as ESRI ArcGIS Enterprise and REST services.
- Strong knowledge of HTML5, CSS3, JavaScript (ES6+), and modern front-end frameworks.
- Experience with API integration, asynchronous programming, and state management.
- Experience working in Agile/Scrum development environments.
- Familiarity with federal cybersecurity requirements, secure coding, and vulnerability remediation.
- Ability to obtain and maintain a DHS Tier 4a Background Investigation.

United States
Job Closed

Role Description
cFocus Software seeks a SOC Manager to join our program supporting the Housing and Urban Development. This position is remote and requires a Public Trust clearance.

Qualifications
- Bachelor’s Degree or Higher in Cyber Security or related field
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
- 7+ years managing a security operations team
- Expertise in managing the delivery of Security Operations Center activities and operations
- Experience in security operations, network security, incident response, threat analysis, and cybersecurity tools
- In-depth knowledge of cybersecurity technologies, threat landscapes, and incident response protocols

Requirements
- Managing a team providing security systems and tools management related to on-premises, cloud, and hybrid cloud technologies
- Cyber Security tool implementation, operations and maintenance
- Supporting Threat Intelligence and DevSecOps
- Directing, managing, implementing, and executing business and technology related solutions
- Cyber, IT and business strategy, planning, IT Security and Compliance with Federal Government related rules and regulations
- Ability to analyze security incidents, identify root causes, and implement preventive measures
- Managing and executing technologies and processes that affect assigned global Information Protection capability
- Keeping the infrastructure current and making recommendations for continuous improvement
- Advising and supporting project teams, application owners, and other Information Security teams on information security controls
- Preparing, maintaining and updating security documentation, policies, processes, and controls

United States
Job Closed
