Summary: This position must be able to perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
- Ability to take the lead on incident research when appropriate and coordinate with CSOC analysts.
- Ability to read, interpret, write and recommend Snort rules and to determine their impact on the sensors and the Enterprise.
- Conducts research on emerging security threats.
- Provides correlation and trending of the Program's cyber incident activity.
- Develops threat trend analysis reports and metrics.
- Supports CSOC analysis, handling and response activity.
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Authors Standard Operating Procedures (SOPs) and training documentation when needed.
- Participates in special projects as required.
- 5+ years of related experience in information technology security.
- Experience managing cases with enterprise SIEM systems such as Splunk and Sourcefire.
- Understanding of cyber security incident response and network security monitoring.
- Fundamental understanding of computer networking (TCP/IP).
- Knowledge of Windows, Linux and Cisco operating systems and of information security.
- Knowledge of Intrusion Detection System (IDS) and SIEM technologies: Splunk, firewalls, Sourcefire and similar tools.
- Deep packet and log analysis.
- Cyber threat and intelligence gathering and analysis.
- Knowledge and experience with scripting and programming (Python, Perl, etc.) are highly preferred.
- Maintains current knowledge of relevant technology as assigned.
- Must be able to attain a Public Trust clearance.