Responsibilities
Network monitoring to provide complete visibility into digital activity and better detect anomalies
Prevention techniques to deter and deflect a range of known and unknown risks
Threat detection and intelligence capabilities that assess the origin, impact and severity of each cybersecurity incident
Decisive incident response and remediation using a blend of automated technologies and human intervention
Reporting to ensure all incidents and threats are fed into the data repository, making it more precise and responsive in the future
Risk and compliance capabilities to ensure industry and government regulations are followed
Determine security violations and inefficiencies by conducting periodic audits
Upgrade our network and infrastructure systems
Implement and maintain security controls
Identify and solve potential and actual security problems
Assess the current situation, evaluating trends and anticipating security requirements
Keep users informed by preparing performance reports; communicating system status
Maintain quality service by following organization standards
Maintain technical knowledge by attending educational workshops
Contribute to team effort by accomplishing related results as needed
Requirements
Advanced certifications such as SANS GIAC / GCIA / GCIH, CISSP or CASP and / or SIEM-specific training and certification
Advanced understanding of TCP / IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations
Experience with vulnerability scanning solutions
Familiarity with the DOD Information Assurance Vulnerability Management program.
Proficiency with any of the following: Anti-Virus, HIPS, ID / PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro / McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands
Security • Lahore, Pakistan