Provide direct supervision to the Security Operations and Compliance teams, fostering a collaborative environment that integrates real-time threat defense with long-term risk management
Provide day-to-day leadership, mentorship, and resource management for the SecOps and Compliance teams
Act as the primary liaison between the technical teams and the AOTO Information Security Officer (ISO) and Government Leads
Develop and execute strategic security plans that align technical capabilities (SIEM, Firewalls) with policy requirements (NIST 800-53, JISF)
Synthesize data from Security Operations and Compliance activities to provide executive-level reporting on the organization's risk posture, security trends, and program health
Oversee the 24/7/365 efficacy of security tools and operational activities, including Incident Response (IR), Intrusion Detection/Prevention, and SIEM management (Splunk)
Ensure timely triage, investigation, and remediation of security events, serving as the escalation point for critical incidents
Direct the Vulnerability Management program, ensuring scans are conducted and analyzed, and remediation efforts are coordinated effectively across cross-functional IT teams
Manage the implementation and maintenance of security infrastructure (Next-Gen Firewalls, Endpoint Protection, Web Gateways)
Supervise the full lifecycle of Assessment & Authorization (A&A) activities, ensuring systems maintain Authority to Operate (ATO) in accordance with the Judiciary Information Security Framework (JISF) and NIST RMF
Oversee the development and maintenance of System Security Plans (SSPs), POA&Ms, and other critical security documentation in the CSAM tool
Ensure that new and existing systems integrate security controls early in the SDLC (Security by Design) and meet auditing requirements
Review and approve policy updates, Standard Operating Procedures (SOPs), and Concept of Operations (CONOPS) documents
Manage the IT Security Awareness Training and Phishing Simulation program, ensuring continuous improvement and high user engagement
Collaborate with AOTO project managers and system owners to ensure security resources are appropriately allocated to ongoing projects
Maintain awareness of emerging threat intelligence and regulatory changes to proactively adapt the program’s defense and compliance strategies
Requirements
At least 10 years of progressive IT security experience, with a minimum of 3-5 years in a leadership or management role supervising teams
Understanding of Security Operations architectures (SIEM, Firewall, IDS/IPS, Vulnerability Scanning) and Incident Response lifecycles
Experience coordinating and overseeing the implementation of security projects
Ability to manage diverse teams, prioritize conflicting demands, and drive performance towards meeting SLA/contractual requirements
Excellent oral and written communication skills, with the ability to translate complex technical issues into business risks for senior management and government stakeholders
Familiarity with enterprise tools such as Splunk, Nessus, CSAM, and Patch Management systems is a plus
Knowledge of risk management frameworks pertaining to IT Security is a plus
Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions, and implementing plans consistent with management goals
Tech Stack
Firewalls
SDLC
Splunk
Benefits
a variety of medical plan options, some with Health Savings Accounts
dental plan options
a vision plan
a 401(k) plan offering the ability to contribute both pre- and post-tax dollars up to the IRS annual limits and receive a company match
full flex work weeks where possible
a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
15 days of paid leave per calendar year
10 paid holidays per year
up to 160 hours of paid leave in a rolling 12-month period for eligible employees
short and long-term disability benefits
life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance