Security Operations III

eTRANSERVICES

Yesterday
Unspecified
Senior Level Career (10+ yrs experience)
IT - Security
Washington, DC (On/Off-Site)

Statement of Status: eTRANSERVICES has submitted a bid and is currently awaiting award notification. While the position has not yet been officially confirmed, we are actively preparing to fill the role once the bid is awarded. We are seeking qualified candidates for Senior Internet/Intranet Webmaster. This job is contingent upon the bid being awarded. Upon award, this is a 5-year contract and starts in March 2025.


Overview:

SOC Platform / Infrastructure Operations is responsible for ensuring that the SOC platform itself is available and operational. This includes the shared application and technical services, as well as the system software, middleware, information security infrastructure, networks and data centers.
Advise and assist IT Security lead with IT Security architecture activities, for all IT Security information systems initiatives supporting all IT Security tools and capabilities.
Collaborate with the IT Security lead to configure, build, provide recommendations, and ensure all hardware and software is IPv6 compliant with the direction set forth by the CISO.
Create procedures and documentation for maintaining all SOC hardware and software.
Provide security device signature maintenance and performance reports; maintain the SIEM to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, antivirus, vulnerability scanner elements and other security-relevant devices; enroll Enterprise and systems information into the SIEM tool and perform asset categorization and prioritization; and install or modify network security elements, tools, and other systems as required to maintain optimal coverage and performance, as approved by the Government SOC Manager.

Duties:

Provide technical expertise in cyber adversary capabilities and an assessment of the intentions of these groups to conduct Computer Network Exploitation (CNE) and Computer Network Attack (CNA) against U.S. private sector and Government networks and information systems.
Analyzes and documents security risks, breaches, and other cyber security incidents and the damage they cause.
Develops and implements a network disaster recovery plan, and oversees the monitoring of the computer networks for security issues.
Installs and operates security software and measures to protect systems and information infrastructure, including firewalls and data encryption programs.
Collaborates with the security team to perform tests and find network weaknesses.
Researches and recommends security enhancements and purchases.
Works with management to develop best practices.
Researches and keeps current on the latest IT intelligence technologies, trends, and security standards.
Trains staff on network and IT security procedures.

Basic Qualifications:

Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS twelve (12) years of experience in incident detection and response, malware analysis, and/or cyber forensics.
11+ years of supervising and/or managing teams
14+ years of intrusion detection and/or incident handling experience
Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
Knowledgeable about the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.) and able to utilize them in their analysis workflow
Experience with Cloud (e.g. o365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape

Experience with at least 3 of these tools: ARMIS; Cloudflare; Trellix Security: Cloud/Data/Email/Endpoint/Network Security; Threat Intelligence; SIEM; Microsoft Azure/Defender/Sentinel; RSA NetWitness Logs and Packets; Rapid 7 Nexpose/App Spider; Stealthwatch Netflow; Tenable IO/Web App Scanning; Varonis Data Protection; XACTA 360/IO