Leads configuration and management of network and cyber security platforms for USACE in JRSS.
Understanding and experience of Tipping Point, Fidelis, BRO, Sourcefire, Lancope, Inquest and similar intrusion detection and prevention technologies.
Ability to configure and support SIEM platforms like ArcSight, Data Orchestrator, Kafka or similar.
Proven experience and ability to leverage CND analyst toolsets to detect and respond to IT security incidents.
Ability to implement standard procedures for intrusion and related cyber incident response.
Conducts research and document threats and their behavior to include monitoring internal and external cyber threat intelligence sources.
Provide recommendations to threat mitigation strategies.
Perform routine event reporting over time including trend reporting and analysis. Experience required in security or network technology (Unix/Windows OS, Cisco/Juniper Routing-Switching) within a hands-on design/Implementation/Administration role.
Demonstrates in-depth knowledge of TCP-IP protocol implementations for all common network services.
• Configure and maintain various cyber security platforms
• Define/Maintain security configurations and policies for IDS/IPS technologies
• Maintain detection signatures; deploy new detection signatures
• Monitor SIEM events related to implemented IDS/IPS technologies
• Configure and enforce audit and logging policies for IDS/IPS technologies
• Define/monitor STIG compliance of intrusion management technologies
Professionally certified, within a CND discipline, as Technical Level III as defined by DODI 8570 is a requirement.
Bachelor's degree from accredited university/college in Computer Science, Information Technology or related field; Associates degree with five additional years applicable experience acceptable.
4 to 8 years overall relevant experience required:
- ArcSight: Loggers, ESM and Connectors
- Data Orchestrator
- Tipping Point, Sourcefire, Lancope, BRO and similar IDPS technologies
- Fidelis, Opswat, Inquest
- Windows and Linux Operating Systems
Security+ with ability to get CISSP/CEH/CySA or other DOD 8570 compatible cert
Computing environment certification in IDS/IPS technology, CCNA-Security, or equivalent to meet 8570 IAT-III certification requirements.
Clearance: Must possess current/active Secret clearance with ability to get Top Secret
JRSS, Arcsight, Data Orchestrator, Sourcefire, Fidelis, Inquest, Linux System Administration; Windows Server OS