Leidos currently has an opening for a Cyber Security Specialist, Senior to work remotely from your home office within the United States. The core schedule for this role is Sunday-Wednesday / 8am-6:30 pm . This is an exciting opportunity to use your experience helping the IOSS mission. The mission of the Department of Veterans Affairs (VA), Office of Information & Technology (OI&T), Information Technology (IT) Operations and Services (ITOPS), Infrastructure Operations (IO) is to support One VA world-class service to Veterans and their families by delivering results-oriented, secure, highly available, and cost-effective information technology services. IO support helps to provide critical services focusing on consistent availability of Veteran-facing applications and quick delivery of benefits for Veterans.
Perform support services within the ITOPS IO Security Management Division. This division is charged with establishing a centralized security program to address security with ITOPS IO's projects. Some security tasks are currently accomplished utilizing various tools, technologies, and processes that are not standardized across ITOPS (i.e. AITC, HITC, PITC, QITC, CITC, Regional Data Centers, Business Partner Extensions, External Cloud environments). Not all IT security functions are currently managed under a standardized set of processes and technologies or in a centralized format. In some cases, more than one process exists for a single function, i.e. access requests. In other cases, while a process or security system exists, its use is not commonplace at all applicable sites.
Technical Security Support
The data center environment requires additional coverage to manage the security tools and the growing technical security responsibilities across ITOPS IO in order to secure Veterans' data and important VA systems 24x7x365. The ITOPS IO approved Security Monitoring product support process is to deploy a three-shift Technical Security Section for 24x7x365. The Contractor shall provide 24x7x365 support services coverage. The Technical Security support is to be centralized at AITC with tools implemented across ITOPS.
1st shift: Keep security tools tuned and coordinated with the necessary security posture within ITOPS, and any other locations identified. The support services required include analyzing current security tools and datacenter environments to ensure all security environments needing attention get the attention required per policy and customization needed with the different applications or datacenter solutions. Handle critical/important day-to-day Change Order management and ITOPS IO project involvement. Handle current and future security tool architecture design. The ITOPS IO Technical Security group relies on advanced tuning of existing IT security products to detect, protect and forward critical security alerts to the ITOPS IO Security Monitoring group, Nation Service Desk (NSD), Information Security Officers (ISOs) and the VA National Security Operations Center (NSOC) on alerts related to VA compliance policy violations, Advanced Persistent Threats (APT's). Forensics and any other IT Security related issues that need 24x7x365 support.
The ITOPS IO security network will be interconnected among the different data centers (i.e. AITC, HITC, PITC, QITC, CITC, Regional Data Centers, Business Partner Extensions, External Cloud environments) in a separate private security network. Each data center's security network will be separated by a firewall to only allow other data center security network connectivity using VA's existing network. This allows for the separation of environments to keep event log data as required by policy to where only designated INFOSEC personnel have access into this security network from the various ITOPS IO network locations. This ITOPS IO Information Technology Center (ITC) security network will also provide the redundancy needed for security network and security tool availability. ITOPS IO security tool standardization will be implemented along with the technical security processes that are in place at AITC. The redundancy for each ITC will include Intrusion Protection Systems / Intrusion Detection Systems (IPS/IDS), vulnerability and compliance assessment tools, Security Information and Event Management (SIEM), Web Application Firewall (WAF), dedicated malware protection architecture, Network Access Control (NAC), virtualization security, and the core infrastructure for the security network along with ITC technical security personnel to overlap and provide the 24x7x365 support needed. Incident response procedures and processes at all datacenters are to be unified to complement the security incident response process that the rest of VA uses, including integrating with the NSOC and Field Security. Incident tracking is performed using the NSD and Remedy.
The centralization of security tools, processes and incident handling provides the in-depth security posture and metric information needed for the datacenter environments. Standardizing on these tools may require additional training for other security staff at the sites.
In support of these Technical Security efforts, Perform the following tasks daily:
- Perform assessments and compliance activities using central managed vulnerability scan engines to perform operating systems, network devices, databases and applications assessments.
- Perform collection and analysis of all operating systems logs, network device logs, network flows, intrusion prevention and intrusion detection, vulnerability assessment, network firewall, web application firewall and virtual environment logs and provide centralized correlation, alerting, log archiving, asset discovery and behavior analysis configuration using an IBM QRadar Security Information and Event Manager (SIEM) or equivalent.
- Perform real-time network and system protection, detection and log analysis using Sourcefire Intrusion Prevention System/Intrusion Detection System (IPS/IDS) or equivalent sensors centrally managed with Sourcefire Defense Center console or equivalent providing network awareness and vulnerability intelligence.
- Perform web application vulnerability assessments and reporting using web application assessment software, which also provides web application security intelligence to the Web Application Firewall solution.
- Perform real-time web application protection against SQL injection attacks, malicious bots, zero-day attacks, data loss and defacement protection and any other Web Application attacks that exist including Payment Card Industry Data Security Standard (PCI DSS) compliance using Web Application Firewall technology. PCI compliance and reporting is performed by VA.
- Perform end user device threat containment and access control to ensure VA security policies and restrictions in the Information Technology Center network using Network Access Control technology are adhered.
- Perform real-time network and system malware protection, detection and log analysis using Malware Protection System.
- Prepare and conduct status briefings and resolve issues in support of senior managers and VA leadership upon request from COR/VA PMs.
- Review and maintain Standard Operating Procedures for the Intrusion Prevention Systems Intrusion Detection Systems (IPS/IDS), Security Information and Event Manager (SIEM), Vulnerability assessments using Tenable Security Center or equivalent, Incident Response, Web Application Firewall (WAF), VMware or equivalent, Network Admission Control Systems (NAC), Malware Protection System (MPS) and any other ITOPS IO Technical Security activities and processes that may need SOP's reviewed and maintained.
ITOPS IO Technical Security Service Line provides IT Security threat reporting and analytics on IPS/IDS, SIEM, Web Application Firewall (WAF), Malware Protection System (MPS), Network Admission Control Systems (NAC) and IT Security threat information to ITOPS IO, ITOPS IO customer and other VA national groups. Provide SWAT, ESD ticket reporting along with any daily, weekly and monthly reports to maintain the same general tasking and service request management related to ITOPS IO Security Monitoring and Scanning (SM&S) reporting tasks.
In support of the ITOPS IO security analytics efforts, the Contractor shall provide the following support services including:
- Conversion, culling, and creation of electronic ITOPS IO IT Security threat data from IPS/IDS, SIEM, WAF, MPS, NAC, and Vulnerability data into manual or automated reporting.
- Preparing ITOPS IO IT Security threat reports per client specifications.
- Using automated IT Security dashboard tools similar or equal to Governance Risk and Compliance (GRC) Security Operations Management or GRC IT Security Threat reporting.
- Monitoring the SIEM and IDS/IPS for alerts and offenses and taking the appropriate action by creating reports or contacting the appropriate staff to determine True/False Positives
- Bachelor's Degree in computer science, electronics engineering or other engineering or technical discipline plus 10 years of experience is required. An additional 8 years of experience may be substituted for education.
- Experience with SIEM, IDS/IPS, and WAF
- Ability to gain Public Trust Clearance
- US Citizen