SOC Engineer

ECS Federal, LLC
Washington, DC
Jul 20, 2021
Jul 23, 2021
Engineer, IT, QA Engineer
Full Time
ECS is seeking a SOC Engineer to work in our Washington, DC office.

Job Description:

Essential Job Functions:

- Actively monitor the network infrastructure and network audit logs for potential breaches in security and implement appropriate remediation.
- Remediate security problems identified by the Security Operations Center or another responsible source.
- Provide real-time monitoring and situational awareness of security events and first-tier incident response and escalation to the Enterprise Security Operations Center (ESOC) per incident response policy and procedures.
- Manage and maintain a domain of SOC-related tools. Tasks include user management, Windows/Linux patching, SQL database management, cloud platforms (Azure/AWS), workstation management (Windows/Linux/Mac), documentation, etc.
- Maintain and enhance the existing Data Loss Prevention (DLP) capability and services to support active blocking of Personally Identifiable Information (PII) and any other information identified in agency policies for the campus infrastructure and supported components, and develop dashboard reporting elements for Senior and Executive management.
- Manage and maintain the McAfee Security Endpoint Management solution.
- Conduct regular vulnerability scanning, reporting, and assessment of supported systems.
- In coordination with the GTR and Managed Trusted Internet Protocol Services (MTIPS), review and manage security policies enforced at the MTIPS inspection level for the agency and the bureaus.
- Perform annual review and updates of policies for security tools on the network and other bureaus as directed.
- Perform Tenable Nessus scans. On average, 35-40 scans are run a month.
- Proactively monitor and provide near-real-time cybersecurity status and reports to enable timely decision-making for 24/7 operations.
- Maintain enterprise dashboards to provide situational awareness of cyber threats, events, and incidents to enable priority-based resourcing decisions.
- Develop and maintain a continuous improvement process to innovate the overall cybersecurity posture, including correlating and analyzing cybersecurity events and threats.
- Forward and store all log data from firewalls, packet capture, web proxy services, network flow analysis, intrusion detection, and malware analysis tools to a centralized repository and perform analysis on anomalous behavior.
- Correlate events throughout the enterprise to provide an early warning capability and provide trending data that enable decision-makers to prioritize cyber mitigation efforts and investment strategies.
- Hold monthly collaboration forums to enable all of the organization's incident management teams to share indicators of compromise, cybersecurity intelligence, and ideas to improve communications among teams.
- Maintain a database to store and analyze website application vulnerability information.
- Adhere to DHS reporting requirements as specified in DHS 4300A Sensitive Systems Handbook, Attachment E, FISMA Reporting (TBR).
- Coordinate with intelligence-sharing partners, peers, and customers, including the Defense Industrial Base (DIB) as well as any Information Sharing and Analysis Centers (ISACs) as permitted.
- Leverage existing OU investments, data sources, enterprise security initiatives, and partnerships with external cyber entities to maintain a common operating picture.
- Integrate, correlate, and enrich disparate information sources to provide actionable intelligence and advice to network and system operators as well as to bureau and departmental management.
- Develop documents and document templates; conduct briefings.
- Promote an environment of continuous process improvement, learning, and team collaboration.

Required Skills:

- A bachelor's degree in a related field
- Public Trust suitability
- 5+ years of experience in the following areas: SOC Operations, Tenable, Forcepoint Security Manager (Websense), McAfee Network Security Manager
- Knows SIEM, Tripwire, Websense (Forcepoint) DLP, networks, system administration, ePolicy Orchestrator (ePO), Security information and event management (SIEM)
- Working knowledge of: AWS Cloud, Azure Cloud, Tripwire, Ixia Vision, Splunk, Cisco Firepower, Microsoft (Active Directory Server), Fortify (WebInspect), Firewalls, Networking, Windows, Linux, and Mac patching and workstation management
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Familiar with information security and assurance principles and associated supporting technologies

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.