SIEM Engineer - Network Security/Information Assurance Engineering
ACTIVE SECRET CLEARANCE REQUIRED
Locations: Huntsville, AL or Vicksburg, MS or Portland, OR
The ISSE III will support the ongoing Cyber Security practice for the ACE-IT contract and customer. The ISSE III will leverage Cyber Security processes and tools to architect and deliver end-to-end proactive cyber solutions, including technical implementation of incident and event management processes, workflow customization, ticketing, process automation, report development, dashboard creation, and system configurations. The ISSE III is responsible for the operations, development, and maintenance of the SIEM log management infrastructure and associated architectures. The process SME is also responsible for developing relationships with all key stakeholders, including customers, operations, engineering, and the service management office, to ensure that Cyber Security best practices are identified and fully assimilated into the customer environment.
MAJOR JOB ACTIVITIES:
· Develop, modify, build, implement, deploy and test SIEM correlation and vulnerability management rules in alignment with client requirements utilizing change management best practices.
· Develop and maintain internal asset classification and categorization in the SIEM and vulnerability management portal.
· Act as a subject matter expert (SME) to guide internal staff with a primary mission to proactively prevent incidents by utilizing SIEM, Vulnerability Scanning, and complementary technologies as appropriate.
· Perform security incident analysis, recommend remediation steps and orchestrate available resources to respond in accordance with appropriate incident response plans.
· Analyze alerts as well as develop new triggers and reporting on an ongoing basis.
· Participate in interconnecting the SIEM tool with sources of security incidents (e.g. logs from servers, network and security devices, the Vulnerability Management system, and the Antivirus system).
· Configure and manage security tools in compliance with Department of Defense requirements while also ensuring continued compliance for all devices.
· Work with the security operations center team to ensure security devices/tools are configured properly to monitor, track, and analyze networks/systems for potential security violations while also assisting in all potential incidents.
· Provide information security subject matter expertise throughout the tasking and translate security requirements into technical designs/solutions.
· Work in close coordination with the Information Assurance team and SOC to appropriately resolve daily incidents.
· Work with the project team to help ensure customer data, company data, assets, and resources are secured in order to maintain a proactive security posture within the environment.
· Ensure staff are following customer, DoD, Army, and organizational policies and procedures.
· This position requires on-call availability for 24/7 coverage.
· Other duties as assigned.
MATERIAL & EQUIPMENT DIRECTLY USED:
Desktop/Laptop computers, IA and CND software security applications: See Below.
Must comply with OSHA, EPA, Fire and Safety Regulations and published company work policies.
Working environment will be in office environment/indoors and may extend into late hours.
This position requires the applicant be able to travel up to 25% of the time.
Individual should be able to lift up to 40 lbs. unassisted.
Education/Certifications: One year related experience may be substituted for one year of education, if degree is required.
Bachelor’s degree in Information Security or an IT-related field.
At least 7-10 years of experience in Information Security.
At least 3-4 years of experience in Security Information and Event Management (SIEM) and Splunk tool administration.
In-depth knowledge of vulnerability scanning tools, intrusion detection/intrusion prevention systems, and a core understanding of DoD/DISA compliance methodologies/requirements.
Expert experience with at least one of the following tool suites is highly desired: ArcSight, ACAS, Maltego, CyberArk, HBSS, Imperva, Splunk, Encase, Websense, SourceFire, AlgoSec, Forcepoint/Websense, or FireEye.
Must be willing to travel; travel is infrequent and often less than two weeks if needed.
This position requires DoD 8140 (DoD 8570) standards as an IAT III position with one of the following certifications: GCIH, CISA, CASP, CISSP (or Associate), GCED.
Excellent relationship and team communication skills.
Strategic and tactical mindset.
Critical thinking and problem-solving skills.
High tolerance for, and evolved ability to lead and manage, ambiguous situations.
Excellent organization skills.
Excellent verbal, written, facility and presentation skills.
Collaboration and team leadership abilities.
Effective time management skills.
Ability to establish customer trust and confidence.
Ability to travel to company and customer locations as needed on short notice.
If the needs of the business dictate, perform tasks outside normally scheduled business hours.
Must be a U.S. citizen, secret clearance required at start date.