Leidos currently has an opening for a Sr. Cyber Security Specialist who will work from the Department of Veteran Affairs facility in Austin, TX. This position is onsite with no remote ability. Scheduled hours are Monday - Friday 8:00am - 4:30pm.
This is an exciting opportunity to use your experience helping the IOSS mission. The mission of the Department of Veterans Affairs (VA), Office of Information & Technology (OI&T), Information Technology (IT) Operations and Services (ITOPS), Infrastructure Operations (IO) is to support One VA world-class service to Veterans and their families by delivering results-oriented, secure, highly available, and cost-effective information technology services. IO support helps to provide critical services focusing on consistent availability of Veteran-facing applications and quick delivery of benefits for Veterans.
- The Cyber Security Specialist will support services within the ITOPS IO Security Management Division. This division is charged with establishing a centralized security program to address security with ITOPS IO's projects.
- Assessments and compliance activities using centrally managed vulnerability scan engines to perform operating system, network device, database and application assessments.
- Perform collection and analysis of all operating systems logs, network device logs, network flows, intrusion prevention and intrusion detection, vulnerability assessment, network firewall, web application firewall and virtual environment logs and provide centralized correlation, alerting, log archiving, asset discovery and behavior analysis configuration using an IBM QRadar Security Information and Event Manager (SIEM) or equivalent.
- Real-time network and system protection, detection and log analysis using Sourcefire Intrusion Prevention System/Intrusion Detection System (IPS/IDS) or equivalent sensors centrally managed with Sourcefire Defense Center console or equivalent providing network awareness and vulnerability intelligence.
- Web application vulnerability assessments and reporting using web application assessment software, which also provides web application security intelligence to the Web Application Firewall solution.
- Real-time web application protection against SQL injection attacks, malicious bots, zero-day attacks, data loss, defacement and any other web application attacks, including Payment Card Industry Data Security Standard (PCI DSS) compliance, using Web Application Firewall technology. PCI compliance and reporting are performed by VA.
- End user device threat containment and access control using Network Access Control technology to ensure VA security policies and restrictions are adhered to in the Information Technology Center network.
- Network and system malware protection, detection and log analysis using Malware Protection System.
- Prepare and conduct status briefings and resolve issues in support of senior managers and VA leadership upon request from COR/VA PMs.
- Review and maintain Standard Operating Procedures (SOPs) for the Intrusion Prevention Systems/Intrusion Detection Systems (IPS/IDS), Security Information and Event Manager (SIEM), vulnerability assessments using Tenable Security Center or equivalent, Incident Response, Web Application Firewall (WAF), VMware or equivalent, Network Admission Control Systems (NAC), Malware Protection System (MPS) and any other ITOPS IO Technical Security activities and processes that may need SOPs reviewed and maintained.
- Bachelor's Degree in computer science, electronics engineering or other engineering or technical discipline plus 10 years of experience is required. An additional 8 years of experience may be substituted for education.
- US Citizen with the ability to obtain Public Trust Clearance
- Over 5 years professional experience, including at least two years of insider threat, user behavior analysis (UBA), or high-tech investigation program experience.
- Experience configuring and utilizing user and/or entity behavior analytics (UBA/UEBA) platforms (preferably QRadar UBA).
- Advanced understanding of enterprise networking concepts and protocols.
- Knowledge of mainstream desktop/server operating systems (UNIX, Windows, OSX, Linux)
- Excellent written and oral communication skills.
- Advanced knowledge and experience using QRadar
- Experience with analysis of security events from multiple sources including but not limited to events from Security Information and Event Manager (SIEM) tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix and Windows), mainframes, mid-range, applications, and databases.
- Comprehensive understanding of adversarial exploitation, privilege escalation, persistence, and lateral movement techniques.
- Knowledge of cloud computing platforms including Amazon Web Services (AWS) and Azure