Cybersecurity Lead

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.  

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individuals technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Cybersecurity Lead to serve as the primary technical and managerial authority overseeing cybersecurity implementation support services across mission-critical systems. This role provides strategic direction and operational oversight for cybersecurity operations, vulnerability management, compliance and cyber authorization activities. The Cybersecurity Lead position serves as the primary interface with stakeholders, ensuring the protection of organizational assets and resilience against evolving cyber threats. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

• Implement and oversee baseline security configurations and controls.
• Monitor, analyze and report cybersecurity metrics to ensure compliance with Department of Energy (DOE) and federal requirements.
• Review and update processes to align with Office of Information Management (OIM) guidance, policies and best practices.
• Lead implementation of the OIM cybersecurity metrics program plan, including data collection, reporting and oversight activities.
• Direct daily cybersecurity operations for SC General Support System (GSS) domains, including detection, analysis, containment, eradication and recovery activities.
• Manage Security Information and Event Management (SIEM), Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), Identity, Credential and Access Management (ICAM), Continuous Diagnostics and Mitigation (CDM) and cloud security tools.
• Provide daily cyber health and status reporting to leadership.
• Lead proactive threat hunting and incident response activities, coordinating with DOE’s Integrated Joint Cybersecurity Coordination Center (iJC3).
• Establish and maintain Standard Operating Procedures (SOPs) for incident response, escalation and after-action reporting.
• Ensure compliance with DOE Order 205.1, United States Computer Emergency Readiness Team (US-CERT) requirements and other applicable federal directives.
• Oversee CDM program activities, including tool maintenance, upgrades and analysis.
• Coordinate with DOE contractors and vendors to ensure compliance with DOE Orders and regulatory requirements.
• Provide continuous monitoring for unauthorized hardware, software and implemented risk controls.
• Lead vulnerability identification, risk assessment and mitigation activities across information technology (IT) infrastructure and cloud environments.
• Direct patch management, configuration updates and corrective actions.
• Establish continuous monitoring processes leveraging automated tools and threat intelligence feeds.
• Ensure compliance with the Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) Special Publication 800-53 and evolving regulatory requirements.
• Deliver regular vulnerability management reports, including metrics, compliance status and recommendations.

What you need to know:

• Strong knowledge of cybersecurity operations, incident response, threat hunting, vulnerability management and continuous monitoring practices.
• Experience implementing and managing SIEM, IDS/IPS, EDR, DLP, ICAM, CDM and cloud security platforms.
• Knowledge of DOE cybersecurity policies, federal directives and regulatory requirements.
• Experience developing, monitoring and reporting cybersecurity metrics to support compliance, risk management and operational decision-making.
• Understanding of vulnerability management, patch management, system hardening and risk mitigation across on-premises and cloud environments.
• Knowledge of FISMA, NIST SP 800-53 and related cybersecurity compliance frameworks.

Must have’s:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering or a related field (Master’s preferred).
• 8+ years of progressive experience in cybersecurity operations, incident response and vulnerability management.
• Strong knowledge of DOE cybersecurity policies, federal directives and industry best practices.
• Hands-on expertise with SIEM, IDS/IPS, EDR, DLP, ICAM, CDM and cloud security platforms.
• Proven leadership in managing cross-functional teams.
• Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
• Applicants must currently be a U.S. citizen and eligible to obtain and maintain a security clearance, in compliance with federal contract requirements.

Beneficial to have:

• Strategic thinker with the ability to align cybersecurity initiatives to mission priorities.
• Excellent communication skills for reporting to leadership and coordinating with stakeholders.
• Strong analytical and problem-solving skills, especially in incident response and forensic analysis.
• Ability to adapt to emerging technologies and evolving threat landscapes.
• Ability to build advanced alerts in SIEM platforms.
• Team lead capability to train personnel on basic and advanced skills.
• Ability to translate events into incident response tickets and provide briefings to leadership.
• Advanced knowledge of security tools.
• Experience supporting Tier 2 and Tier 3 analysts during incident response activities.
• Above-basic Microsoft Windows and Linux command-line interface (CLI) skills.
• Understanding of multiple security tools including EDR, IDS, IPS and firewalls.
• Experience developing complete incident response workflows and mitigation recommendations.
• Experience leading and writing tabletop exercises.
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), Certified Information Systems Auditor (CISA), Project Management Professional (PMP) or Certified Associate in Project Management (CAPM).
• Knowledge of NIST SP 800-53 Revision 5, RMF, NIST Cybersecurity Framework (CSF), FedRAMP authorization processes, Tenable Nessus (ACAS) and Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs).

Where it’s done:

• Onsite (Oak Ridge, TN / Lemont, IL / Germantown, MD or Washington, DC).