Today
Secret
Mid Level Career (5+ yrs experience)
IT - Security
Fort Belvoir, VA (On-Site/Office)
Seeking a Sr. Cyber Defense Lead in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Operations Centers (SOC), Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation.
Responsibilities:
• Establish an Enterprise Cyber Defense Policy to standardize cyber defense practices for PEO Enterprise programs
• Implement and lead a centralized cyber defense team
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy
• Provide daily summary reports of network events and activity relevant to cyber defense practices
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
• Identify applications and operating systems of a network device based on network traffic
• Detect host- and network-based intrusions via intrusion detection technologies
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
• Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
• Provide cybersecurity related strategic leadership support
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
• Examine network topologies to understand data flows through the network
Desired Skills:
• Understanding of the MITRE ATT&CK framework
• Knowledge of authentication, authorization, and access control methods
• Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities)
• Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES])
• Experience with Army policies, regulations, and processes preferred
Pay Range: $140,000-160,000
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
• This position requires an active DoD clearance (Secret, Top Secret, Top Secret/SCI) or the ability to obtain an interim clearance (Interim Secret, Interim Top Secret)
• Because an active or interim DoD clearance is required, U.S. citizenship is required