SOC Engineer - Washington, DC (employment listing at Geebo)

SOC Engineer

Goldbelt Hawk designs, develops, and implements comprehensive solutions for problem spaces including computer security, scalable architectures, advanced analytics, artificial intelligence, and network/data center operations.
Specializing in incident response at the local and enterprise-wide levels as well as forensic analysis, our personnel deliver threat analysis and reporting while implementing solutions based on mature planning and development practices.
Summary:
Goldbelt Hawk is looking for a Security Operation Center (SOC) Engineer in support of a task in Washington, DC.
Essential Job Functions:
Actively monitor the network infrastructure and network audit logs for potential breaches in security and implement appropriate remediation.
Remediate security problems identified by the Security Operations Center or another responsible source.
Provide real-time monitoring and situational awareness of security events and first-tier incident response and escalation to the Enterprise Security Operations Center (ESOC) per incident response policy and procedures.
Manage and maintain a domain of SOC-related tools.
Tasks include user management, Windows/Linux patching, SQL database management, cloud platforms (Azure/AWS), workstation management (Windows/Linux/Mac), documentation, etc.
Maintain and enhance existing Data Loss Prevention (DLP) capability and services to support active blocking of Personally Identifiable Information (PII) and any other information identified in agency policies for the campus infrastructure and supported components and develop dashboard reporting elements for Senior and Executive management.
Manage and maintain McAfee Security Endpoint Management solution.
Conduct regular vulnerability scanning, reporting, and assessment of supported systems.
In coordination with the GTR and Managed Trusted Internet Protocol Services (MTIPS), review and manage security policies enforced at the MTIPS inspection level for the agency and the bureaus.
Perform annual review and updates of policies for security tools on the network and other bureaus as directed.
Perform Tenable Nessus scans.
On average, 35-40 scans are run per month.
Proactively monitor and provide near-real-time cybersecurity status and reports to enable timely decision-making for 24/7 operations.
Maintain enterprise dashboards to provide situational awareness of cyber threats, events, and incidents to enable priority-based resourcing decisions.
Develop and maintain a continuous improvement process to innovate the overall cybersecurity posture, including correlating and analyzing cybersecurity events and threats.
Forward and store all log data from firewalls, packet capture, web proxy services, network flow analysis, intrusion detection, and malware analysis tools to a centralized repository and perform analysis on anomalous behavior.
Correlate events throughout the enterprise to provide an early warning capability and provide trending data that enable decision-makers to prioritize cyber mitigation efforts and investment strategies.
Hold monthly collaboration forums to enable all of the organization's incident management teams to share indicators of compromise, cybersecurity intelligence, and ideas to improve communications among teams.
Maintain a database to store and analyze website application vulnerability information.
Adhere to DHS reporting requirements as specified in DHS 4300A Sensitive Systems Handbook, Attachment E, FISMA Reporting (TBR).
Coordinate with intelligence-sharing partners, peers, and customers, including the Defense Industrial Base (DIB) as well as any Information Sharing and Analysis Centers (ISACs) as permitted.
Leverage existing OU investments, data sources, enterprise security initiatives, and partnerships with external cyber entities to maintain a common operating picture.
Integrate, correlate, and enrich disparate information sources to provide actionable intelligence and advice to network and system operators as well as to bureau and departmental management.
Develop documents and document templates, and conduct briefings.
Promote an environment of continuous process improvement, learning, and team collaboration.
Necessary Skills and Knowledge:
Working knowledge of:
AWS Cloud
Azure Cloud
Tripwire
Ixia Vision
Splunk
Cisco Firepower
Microsoft (Active Directory Server)
Fortify (WebInspect)
Firewalls
Networking
Windows, Linux, and Mac patching and workstation management
Excellent customer service and organization skills
Excellent oral and written communication skills
Familiar with information security and assurance principles and associated supporting technologies
Minimum Qualifications:
A bachelor's degree in a related field
Public Trust suitability
5 years of experience in the following areas:
SOC Operations, Tenable, Forcepoint Security Manager (Websense), McAfee Network Security Manager, ePolicy Orchestrator (ePO), Security information and event management (SIEM).
Estimated Salary: $20 to $28 per hour based on qualifications.
