Leidos is seeking a Senior Cyber Security Engineer to work in either Vicksburg, MS, or Hillsboro, OR (preferred). Alternatively the following locations may be available for the right candidate: New York, Hanover, Philadelphia, DC, Atlanta, Los Angeles, Fort Worth, Colorado Springs. Periodic telework is available.
Leads security event monitoring and security configuration of Palo Alto Firewall/IDPS, Cisco ASA, Sourcefire, FireEye, BRO, SNORT and similar intrusion detection and prevention technologies.
Ability to configure and support SIEM platforms like ArcSight, ELK or similar.
Proven experience and ability to leverage CND analyst toolsets to detect and respond to IT security incidents.
Ability to implement standard procedures for intrusion and related cyber incident response.
Conducts research and document threats and their behavior to include monitoring internal and external cyber threat intelligence sources.
Provide recommendations to threat mitigation strategies.
Perform routine event reporting over time including trend reporting and analysis. Experience required in security or network technology (Unix/Windows OS, Cisco/Juniper Routing-Switching) within a hands-on design/Implementation/Administration role.
Demonstrates in-depth knowledge of TCP-IP protocol implementations for all common network services.
Professionally certified, within a CND discipline, as Technical Level III as defined by DODI 8570 is a requirement.
• Configure and maintain various cyber security platforms
• Define/Maintain security configurations and policies for IDS/IPS technologies
• Maintain detection signatures; deploy new detection signatures
• Monitor SIEM events related to implemented IDS/IPS technologies
• Configure and enforce audit and logging policies for IDS/IPS technologies
• Define/monitor STIG compliance of intrusion management technologies
8+ years overall relevant experience required:
- Palo Alto, ASA, Sourcefire, SNORT, BRO, similar IDS/IPS technologies
- Windows and Linux Operating Systems both workstation and servers
- ArcSight SIEM
- Intrusion incident response
Requires a Bachelors Degree from an accredited university/college in Computer Science, Information Technology, Science, Mathematics or related field and 8 to 14 years of prior relevant experience or Masters with 5 to 10 years of prior relevant experience.
CISSP and PCNSE or CCNA-Security
Clearance: Must possess current/active Top Secret clearance and be TS/SCI eligible
Palo Alto Firewall and IDS/IPS, Sourcefire, FireEye, Arcsight/SIEM, JRSS, ASA, Linux System Administration; Windows Server OS, Cisco IOS, Checkpoints, Forcepoint, Wireshark, tcpdump