REQUIRES AN ACTIVE/EXISTING TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE
Job Description
Cyber Intrusion Detection System Administrator. You'll have the opportunity to build strong lines of cyber defense using cutting-edge technologies. Your work in cyber security will have an impact on securing our clients' missions and ensuring we anticipate the threats of tomorrow.
HOW A CYBER INTRUSION DETECTION SYSTEM ADMINISTRATOR WILL MAKE AN IMPACT:
- Monitor day-to-day operations of the sensors (Suricata, Palo Alto, and ArcSight) located at supported customer locations.
- Perform Enterprise Defense Countermeasure (DC) activities and coordinate with other government agencies to record and prepare incident reports, analysis methodology, and results.
- Monitor and analyze signature alerts from Intrusion Detection/Prevention Systems (IDS/IPS) for false positives.
- Provide technical enforcement of organizational security policies.
- Provide "tune-or-drop" recommendations towards the DC team's Signature Lifecycle Review procedure.
- Provide insight to Detection and Response teams on signature functionality and provide signature tuning as needed.
- Communicate with customers and teammates clearly and concisely.
- Maintain current knowledge of relevant technology as assigned.
- Participate in special projects as required.
- Position is day shift but may require evening, weekend or shift-work (depending on operational tempo).
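The false-positive analysis and "tune-or-drop" duties above are illustrated by the following added example; it is not part of this posting and does not describe the DC team's actual Signature Lifecycle Review procedure. It parses constructed Suricata EVE JSON alert lines, joins them to constructed analyst verdicts by flow_id, and recommends keep, tune, or drop per signature. The thresholds, SIDs (in the 1000000+ local-rule range), messages, and addresses are all assumptions; the one real syntax used is the suppress line for Suricata's threshold.config.

```python
import json
from collections import Counter

# Assumed triage thresholds (illustrative, not the team's actual procedure).
MIN_ALERTS = 5             # fewer alerts than this: not enough data to judge
TUNE_FP_RATE = 0.5         # FP share at/above this: the rule needs tuning
DOMINANT_SRC_SHARE = 0.8   # one source producing this share of FPs: suppress it


def _eve_line(flow_id, src, dst, sid, msg):
    """Build one constructed Suricata EVE JSON alert line. Field names follow
    EVE's 'alert' event type; flow_ids, addresses, SIDs and messages are made up."""
    return json.dumps({
        "timestamp": "2024-05-01T10:00:00.000000+0000", "flow_id": flow_id,
        "event_type": "alert", "src_ip": src, "dest_ip": dst,
        "alert": {"action": "allowed", "gid": 1, "signature_id": sid,
                  "rev": 1, "signature": msg},
    })


# Constructed eve.json excerpt: five local rules plus one non-alert event.
SAMPLE_EVE = "\n".join(
    [_eve_line(100 + i, "10.1.1.5", "10.1.2.20", 1000001, "LOCAL id check returned root") for i in range(1, 6)]
    + [_eve_line(106, "10.1.1.6", "10.1.2.21", 1000001, "LOCAL id check returned root")]
    + [_eve_line(200 + i, f"198.51.100.{i}", "10.1.2.30", 1000002, "LOCAL inbound to MSSQL 1433") for i in range(1, 6)]
    + [_eve_line(300 + i, f"203.0.113.{i}", "10.1.2.40", 1000003, "LOCAL Metasploit bind_api construct") for i in range(1, 6)]
    + [_eve_line(400 + i, f"192.0.2.{i}", "10.1.2.50", 1000004, "LOCAL mixed-quality rule") for i in range(1, 7)]
    + [_eve_line(500 + i, f"192.0.2.{50 + i}", "10.1.2.60", 1000005, "LOCAL new rule") for i in range(1, 3)]
    + ['{"timestamp":"2024-05-01T10:00:01.000000+0000","flow_id":900,"event_type":"flow","src_ip":"10.1.1.5","dest_ip":"10.1.2.20"}']
)

# Constructed analyst verdicts ("tp" / "fp") keyed by EVE flow_id.
DISPOSITIONS = {
    **{f: "fp" for f in range(101, 107)},                                  # 1000001: vuln-scanner noise
    **{f: "fp" for f in range(201, 206)},                                  # 1000002: noise from everywhere
    **{f: "tp" for f in range(301, 305)}, 305: "fp",                       # 1000003: mostly real
    **{f: "tp" for f in range(401, 404)}, **{f: "fp" for f in range(404, 407)},  # 1000004: half and half
    501: "fp", 502: "fp",                                                  # 1000005: too new to judge
}


def parse_eve_alerts(text):
    """Return the alert events from EVE JSON lines, ignoring other event types."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        alerts.append({"flow_id": ev["flow_id"], "src_ip": ev["src_ip"],
                       "dest_ip": ev["dest_ip"], "gid": a.get("gid", 1),
                       "sid": a["signature_id"], "msg": a["signature"]})
    return alerts


def triage(alerts, dispositions):
    """Aggregate alerts per SID and recommend keep / tune / drop for each."""
    per_sid = {}
    for a in alerts:
        s = per_sid.setdefault(a["sid"], {"gid": a["gid"], "msg": a["msg"],
                                          "total": 0, "tp": 0, "fp_by_src": Counter()})
        s["total"] += 1
        verdict = dispositions.get(a["flow_id"])
        if verdict == "tp":
            s["tp"] += 1
        elif verdict == "fp":
            s["fp_by_src"][a["src_ip"]] += 1
        # alerts without a verdict count toward volume only
    out = {}
    for sid, s in sorted(per_sid.items()):
        fp = sum(s["fp_by_src"].values())
        fp_rate = fp / s["total"]
        rec = {"msg": s["msg"], "total": s["total"], "tp": s["tp"], "fp": fp,
               "fp_rate": round(fp_rate, 2), "action": "keep", "suppress": None}
        if s["total"] < MIN_ALERTS:
            rec["reason"] = "insufficient volume"
        elif s["tp"] == 0 and fp == 0:
            rec["reason"] = "no analyst verdicts yet"
        elif s["tp"] == 0:
            top_src, top_n = s["fp_by_src"].most_common(1)[0]
            if top_n / fp >= DOMINANT_SRC_SHARE:
                # One noisy source: keep the rule, suppress that source.
                rec["action"] = "tune"
                rec["reason"] = f"all FP, {top_n}/{fp} from {top_src}"
                rec["suppress"] = f"suppress gen_id {s['gid']}, sig_id {sid}, track by_src, ip {top_src}"
            else:
                rec["action"] = "drop"
                rec["reason"] = "no true positives, FPs spread across sources"
        elif fp_rate >= TUNE_FP_RATE:
            rec["action"] = "tune"
            rec["reason"] = "mixed TP/FP; add content or flow constraints"
        else:
            rec["reason"] = "FP rate acceptable"
        out[sid] = rec
    return out


def run():
    return triage(parse_eve_alerts(SAMPLE_EVE), DISPOSITIONS)


if __name__ == "__main__":
    for sid, r in run().items():
        print(f"{sid} {r['action']:4} fp={r['fp']}/{r['total']} {r['reason']}"
              + (f" -> {r['suppress']}" if r["suppress"] else ""))
```

A suppress line from the "tune" branch goes into Suricata's threshold.config so the rule keeps firing on every other source; the "drop" branch is for rules that produce only noise with no single source to suppress, which is the case a Signature Lifecycle Review would retire.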
Required Skills and Abilities:
- Experience authoring Snort signatures.
- Experience authoring Yara rules.
- Experience with Perl Compatible Regular Expressions (PCRE).
Preferred Skills:
- Experience in intrusion detection and prevention systems.
- Proficient in network security technologies and protocols.
- Dashboarding in Splunk.
- Palo Alto Networks Next-Generation Firewall certification.
Location: On Customer Site
- Bolling AFB, Washington, D.C.
- Reston, VA