Description
The Cyber Analyst provides security architecture services to support Systems Development and Engineering initiatives, ensuring appropriate security controls are in place to meet federal requirements and protect systems and data. The Cyber SME shall support and operationally maintain the existing and future SOC tool suite. The current tool suite includes Tenable SecurityCenter, WebInspect, DBProtect, EnCase, Splunk, Cisco Firepower (IPS), Cisco AMP for Endpoints, Websense, Endace, and IXIA. Operational maintenance includes, but is not limited to, signature/filter/plugin updates and tuning, IDS/IPS rule creation, and Splunk App integration. They will manage the lifecycle and ongoing security enhancement of the security tools they administer by applying operating system and tool patches and updates, and will provide expert analysis of current capabilities and future design options to technical and executive staff as needed.
Designs, develops, or recommends integrated security systems that will ensure the customer’s proprietary/confidential data and external customers’ privacy data and systems are protected. Provides technical engineering services in support of integrated security systems and solutions to manage information-related risks. Participates with the customer in the strategic design process to translate security and business requirements into technical designs. Configures and validates secure systems and physical controls, and tests security products and systems to detect security weaknesses.
Roles and Responsibilities
Shall adhere to the Project Management and Change Management processes and will play an active role in the Project and Change Management process to manage the security tool suite.
Shall provide integration and implementation services for security tools procured under the Department of Homeland Security’s Continuous Monitoring as a Service (CMaaS) and Continuous Diagnostics and Mitigation (CDM) efforts, and advise the customer on the direction DHS is heading with respect to future task orders or enhancements to CMaaS or CDM.
Shall monitor security trends, perform feasibility studies of new technologies, and provide support to adopt new technologies that mature the operational security posture of the FERC SOC. Future capabilities include, but are not limited to: Data Loss Prevention (DLP), Secure Sockets Layer (SSL) decryption, database encryption, insider threat detection, and Cloud Access Security Broker (CASB).
Shall provide responses to audits or data calls related to cybersecurity infrastructure, including but not limited to FISMA audits, OMB, CyberScope, and DHS.
Qualifications
Bachelor’s degree and a minimum of 9 years’ experience in security engineering, SOC operations, and cyber security best practices.
CISSP and/or SANS/GIAC Certification
Experience with Data Center Operations
Experience with information security devices (e.g., firewalls and intrusion detection/prevention systems), applications, and security management tools (e.g., NetForensics, ArcSight, Symantec Endpoint, FireEye, Imperva).
Experience working in a network security incident response team, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC), or Cyber Security Incident Response Center (CSIRC).
Active Top Secret (TS) Clearance
Must reside in the DC Metro Area
Desired Qualifications
Bachelor’s degree in a technical field
Prior experience in government commissions a plus.