Leads security event monitoring and security configuration of Palo Alto Firewall/IDPS, Sourcefire, FireEye, BRO, SNORT and similar intrusion detection and prevention technologies.
Ability to configure and support SIEM platforms like ArcSight, Splunk, Kafka or similar.
Proven experience and ability to leverage CND analyst toolsets to detect and respond to IT security incidents.
Ability to implement standard procedures for intrusion and related cyber incident response.
Conducts research and document threats and their behavior to include monitoring internal and external cyber threat intelligence sources.
Provide recommendations to threat mitigation strategies.
Perform routine event reporting over time including trend reporting and analysis. Experience required in security or network technology (Unix/Windows OS, Cisco/Juniper Routing-Switching) within a hands-on design/Implementation/Administration role.
Demonstrates in-depth knowledge of TCP-IP protocol implementations for all common network services.
Professionally certified, within a CND discipline, as Technical Level III as defined by DODI 8570 is a requirement.
• Configure and maintain various cyber security platforms
• Define/Maintain security configurations and policies for IDS/IPS technologies
• Maintain detection signatures; deploy new detection signatures
• Monitor SIEM events related to implemented IDS/IPS technologies
• Configure and enforce audit and logging policies for IDS/IPS technologies
• Define/monitor STIG compliance of intrusion management technologies
Bachelor's degree from accredited university/college in Computer Science, Information Technology or related field; Associates degree with five additional years applicable experience acceptable.
8+ years overall relevant experience required:
- Palo Alto, Sourcefire, SNORT, BRO, similar IDS/IPS technologies
- Windows and Linux Operating Systems both workstation and servers
- ArcSight SIEM
- Intrusion incident response
CISSP or CEH, and computing environment certification in IDS/IPS technology, CCNA-Security, or equivalent to meet 8570 IAT-III certification requirements.
Clearance: Must possess current/active Secret clearance
Palo Alto Firewall and IDS/IPS, Sourcefire, FireEye, Arcsight/SIEM, JRSS, ASA, Linux System Administration; Windows Server OS, Cisco IOS