Responsible for day-to-day operations and maintenance of a wide variety of Cyber Support tools, such as the ArcSight SIEM, network and host-based (HBSS) Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and their associated architectures. Proactively monitors O&M actions through dashboards and quickly resolves any anomalies. Provides periodic Quality of Service metrics covering account management and the up/down time of critical components. Consistently strives to make tools more efficient and effective. Performs routine Continuous Monitoring (ConMon) activities and standard O&M procedures. Supports Assessment and Authorization (A&A) activities for deployed assets as required.
Responsibilities include, but are not limited to:
- Performs engineering support and system administration of specialized cybersecurity applications, systems and networks in a Cyber Security Operations Center (CSOC) environment to include installation, configuration, maintenance, patching, and back-up/restore.
- Provides subject matter expertise in creation, editing, and management of signatures, rules, filters, and custom content for specialized cybersecurity systems including but not limited to network and host-based IDS, IPS, and SIEM systems.
- Administers cybersecurity test beds; tests and evaluates new cybersecurity applications or tools, rules/signatures, access controls, and configurations of cybersecurity platforms.
- Provides Tier 2 maintenance support for deployed cybersecurity technologies within the CSOC.
- Supports A&A activities through all steps of the Risk Management Framework (RMF).
- Identifies potential conflicts with implementation of any cybersecurity tools within the enterprise and develops recommendations to remediate these conflicts.
- Contributes to the completion of milestones associated with specific projects.
- Provides solutions to a variety of complex technical problems.
- Minimum Education: B.S. or relevant experience in related field.
- Minimum/General Experience: 3-5 years of related experience.
- Experience in a Cybersecurity Operations Center environment desired.
- Minimum of 1 year experience in technology/tools specific to the target platforms.
- Experience shall be in a related security technology or discipline such as Identity and Access Management, Cybersecurity Operations, Cybersecurity Engineering, IT Security Audit, and Information Assurance.
- IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification desired.
Demonstrated technical experience:
- Experience with COTS technologies used in a Cybersecurity Operations Center environment, including network/host IDS and IPS, and SIEM technologies.
- Expertise in cybersecurity enterprise scanning and continuous monitoring, enterprise host/network security and intrusion detection.
- Expertise with cybersecurity architectural principles such as defense in depth, resilience, and integrated security operations.
- A&A support experience desired.
- Ability to convert functional cybersecurity requirements into system requirements.
- Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
- Ability to effectively interact with various levels of senior management is necessary.
- Ability to make decisions and resolve problems effectively: seeks out information and data to evaluate and prioritize options and formulate the best solution or practice.
- Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
- Must possess an active TS/SCI w/ a CI polygraph.