CLOSED - 2536 - Senior Security Engineer

Hybrid / Arlington - Virginia
Secret

OVERVIEW:

We are seeking a Senior Security Engineer to join our team of qualified, diverse individuals. The Security Engineer is responsible for using tools such as Splunk to enhance monitoring capabilities, performing monitoring duties, and improving the security posture of the current environment. Supports Security Operations through threat hunting and security monitoring. Builds out processes and procedures, including documenting work in SOPs. Coordinates with internal and external teams to address threats and risks through investigation and forensic analysis.

Able to perform direct and advisory roles in the oversight, planning, and implementation of projects and initiatives. Advises management and team members of risks associated with technologies and implementation approaches and identifies methods of risk mitigation. Supports problem resolution and identifies process improvements. Interfaces as needed at multiple levels of management, providing information and thought leadership in technical areas.

GENERAL DUTIES:

  • Experience implementing and operating Splunk or other big data platforms
  • Developing custom dashboards, data models, reports, alerts, and performance optimization for Splunk.
  • Developing complex queries using Splunk Query Language for use in advanced dashboards and alerts to promote advanced searching, forensics, and analytics.
  • Recognizing and on-boarding new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data.
  • Developing and documenting configuration standards, policies, and procedures for operating, managing and ensuring the security of system infrastructure.
  • Participating in incident, problem, and change management processes.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Incident Response Teams (IRTs).
  • Developing documentation on new or existing systems.
  • Providing system/equipment/specialized training and technical guidance.
  • Communicating with customers and teammates clearly and concisely.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.
  • Perform analysis of log files from a variety of sources (individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
  • Please note that this position is 1st shift.

REQUIRED QUALIFICATIONS:

  • BS degree with 10 to 12 years' experience, or MS degree with 8 to 10 years' experience, or a high school diploma/equivalent with a minimum of 14 years' experience
  • 5+ years of related systems engineering experience, primarily in a government environment, dealing with business-critical, high-availability systems.
  • Experience configuring and utilizing monitoring/logging and security analysis solutions
  • Strength in multi-tasking and prioritization in order to meet periodically changing deadlines
  • Self-starting and able to drive projects to completion in a fast-moving environment
  • Solid communication skills, both written and verbal. Able to create, discuss and explain technical documentation.
  • Development of engineering documentation from requirements, architectural designs, and diagrams.
  • Understanding of system, network, and application security threats and vulnerabilities with the ability to establish monitoring solutions.
  • Ability to identify different tactics and techniques of attacks.
  • Strong log analysis skills.
  • Strong ability to identify logging and monitoring requirements.
  • Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.
  • Understanding of Boolean logic and event correlation.
  • Recommend and implement system enhancements that improve the performance, security, and reliability of the system
  • Strong knowledge of data analysis
  • Experience implementing and monitoring security controls
  • 5+ years SOC or Cybersecurity related (required)
  • Security+ CE or other DoD 8570 IAT Level II certification (required)
  • Certified Splunk Power User or higher (required)
  • 2+ years of Splunk Application Administration experience
  • Experience creating advanced Splunk dashboards (required)
  • 4+ years querying and manipulating data, with at least 2 years' experience with SPL (required), including knowledge of data types, conditions, and regular expressions.

DESIRED QUALIFICATIONS:

  • A strong work ethic
  • Ability to examine issues both strategically and analytically
  • Experience writing regular expressions
  • Experience with Microsoft Sentinel
  • Experience with DevSecOps concepts, tools and automation skills
  • Knowledge of TCP/IP, networking essentials, components, data flows, protocols, and authorization boundaries
  • Knowledge of cybersecurity frameworks and standards
  • Knowledge of cloud security
  • Knowledge of current IT security best practices
  • Knowledge of system administration, networking, and operating system hardening techniques
  • Mixed operating systems experience (Linux, Windows)
  • Experience troubleshooting issues related to storage
  • Scripting/coding experience

CLEARANCE:

  • Secret minimum