DHS HSEN - Senior Security Tools Engineer with Security Clearance
Versar Global Solutions
2024-11-07 20:42:25
Washington, District of Columbia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Position Summary BayFirst Solutions, a subsidiary of Versar, Inc., is seeking a Senior Security Tools Engineer to support the DHS' Homeland Security Enterprise Network (HSEN) within the Office of the Chief Information Officer (OCIO), IT Operations, Enterprise Engineering Division (EED). This Security Tools Engineer will be a member of a high functioning team of network and security engineers, data center specialists, and stakeholder groups, such as the DHS Network Operations Security Center - Cyber (NOSC-Cyber), ISSOs, and industry vendors, working to continually strengthen and secure HSEN and its data. The candidate's primary responsibilities are to provide for enhanced security monitoring and to own the creation, documentation, and administration to a category of security hardware and software to include tool areas like Data Migration Assistant (DMA), Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), malware analysis, forensics, encryption, continuous monitoring tools, and incident and case tracking and ticketing. This role is eligible for full-time telework. Duties / Responsibilities Provide support for the administration, maintenance, configuration, patching, upgrades and optimization of security tools, devices, application systems, and servers and sensors within the cybersecurity infrastructure
Maintain SIEM applications to collect and aggregate IDS and IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements, and other security relevant devices
Support and evolve the interfaces between network, SOC, and systems information into the SIEM tool using information from the Information Assurance Compliance System (Xacta) and input from ISSOs; perform asset categorization and prioritization.
Ensure tools administration with disaster recovery and fail-over procedures in place for security tools, databases, server roles to include but not limited to: (DNS, Adm , Remote desktop), Active Directory, DNS, Remote Desktop, Domain Tools, Infoblox DNS Threat Analytics, DbProtect, Venafi, RedSeal, Burp Suite Pro, Suricata, SAVScan, NetWitness, ArcSight, FireEye, Swimlane, Splunk, Grafana, Crowdstrike, Wireshark, Broadcom Bluecoat, Sophos, Palo Alto MineMeld, Palo Alto DLP, Mcafee (ePO, DLP), Volexity, Symantec Endpoint Protection, ProofPoint, O365 DLP. FireEye (EX, HX, NX), CA PAM, Thycotic Secret Server, Sailpoint, RSA Archer, Tenable/Nessus, Tanium, and EnCase
Minimum Qualifications / Requirements At least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on cybersecurity and security tools
Demonstrated experience with network and security management tool suites, with an emphasis on SIEM and SOAR solutions
Knowledge of deploying, developing and maintaining in a virtual environment
Strong tools customization and integration skills, database, scripting and web front-end experience
Working knowledge of a variety of security / networking technologies to communicate and collaborate on issues and solutions with other engineers
Strong knowledge of IT security related to networks and applications with solutions to
Must be resourceful in learning a very complex and dynamically changing network
Must be a self-starter, able to work independently, and able to manage time effectively
Working knowledge of cloud platforms such as AWS, Azure
Past experience working in a fast-paced SOC or NOC environment is a plus
Ability to communicate effectively with all levels of an organization from engineering, operations, and management
U.S. citizenship required and eligibility for a DHS EOD is required to be considered for this position.
Education BA or BS (Cyber Security, Computer Science, Information Systems, Software Engineering, Computer Engineering, or related field); relevant experience may be a substitute for education. Certifications Desired Certification involving cybersecurity
Comptia Security+
Software/Hardware Desired Splunk
Swinlane
Knowledge of at least one programming or scripting language (ex. Python, PowerShell, PHP, Perl)
Windows/Linux experience