Unspecified
Mid Level Career (5+ yrs experience)
IT - Security
Washington, DC (On/Off-Site)
Statement of Status: eTRANSERVICES has submitted a bid and is currently awaiting award notification. While the position has not yet been officially confirmed, we are actively preparing to fill the role once the bid is awarded. We are seeking qualified candidates for Senior Internet/Intranet Webmaster. This job is contingent upon the bid being awarded. Upon award, this is a 5-year contract and starts in March 2025.
Overview:
Provide a Monitoring and Analysis support group to actively review all SOC data feeds, analytical systems, sensor platforms, and output from other SOC tool products
Provide written or oral reports of findings to the government SOC lead, and ISSM for further investigation or for action.
Participate in a variety of Information System Security (ISS) activities, including: monitoring of systems status; escalating and reporting potential incidents; creating and updating incident cases and tickets; risk assessment analysis for High Assurance Gateway (HAG) access and Web Access Requests (WARs); analyzing ISS reports; applying various antivirus, intrusion detection, DMA, and vulnerability assessment tools, techniques and procedures; authoring and implementing custom detection content; tuning the Security Information and Event Management (SIEM) and Intrusion Detection System/Intrusion Prevention System (IDS/IPS) events to minimize false positives; authoring and maintaining custom SIEM content; program analysis and review; hardware and software evaluation and analysis; process improvement; data management; and coordination and reporting of ISS-related incidents
Provide 5 days a week during normal operation hours between 0800-1630 monitoring and analysis of all security feeds, including General Services Administration's (GSA) Managed Trusted Internet Protocol Services (MTIPS), Trusted Internet Connections (TIC), and Policy Enforcement Points (PEP).
Investigate and positively identify anomalous events detected by security devices or reported to the SOC by external entities, components, system administrators, and the user community via security monitoring platforms and tools, incoming phone calls, and emails.
As a part of the Monitoring and Analysis support group, be required to participate in assembling, evaluating, installing, and maintaining various intrusion detection sensors and associated software applications.
Provide informal investigation, review, and recommendation documentation as necessary. Deliverables for Monitoring and Analysis Support include, but are not limited to, daily summary informal reports based on security event analysis and Technical Evaluation Reports (TER).
Function:
Collaborate with the security team to perform tests and find network weaknesses.
Research and recommend security enhancements and purchases.
Work with management to develop best practices.
Research and keep current on the latest IT intelligence technologies, trends, and security standards.
Train staff on network and IT security procedures.
Basic Qualifications:
Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS twelve (12) years of experience in incident detection and response, malware analysis, and/or cyber forensics.
6+ years of supervising and/or managing teams
8+ years of intrusion detection and/or incident handling experience
Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
Knowledgeable of the various intel frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.) and able to utilize them in their analysis workflow
Experience with cloud (e.g. O365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape
Experience with at least 3 of these tools: ARMIS; Cloudflare; Trellix Security: Cloud/Data/Email/Endpoint/Network Security; Threat Intelligence; SIEM; Microsoft Azure/Defender/Sentinel; RSA NetWitness Logs and Packets; Rapid 7 Nexpose/App Spider; Stealthwatch Netflow; Tenable IO/Web App Scanning; Varonis Data Protection; XACTA 360/IO