Cyber Security Engineer (TS/SCI Required)

Akima, LLC | Bath Township, OH
21h | Onsite

About The Position

Support Cybersecurity personnel with installation, configuration, deployment, documentation and management of audit logging solution in support of larger Security Information and Event Management (SIEM) across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.

Requirements

  • Possess and maintain Information Assurance Management (IAM) Level I certification as required by Air Force Manual (AFMAN) 17-1303, Department of War (DoW) Directive 8140.01, and DoW 8570.01-M.
  • 3+ years' experience operating or maintaining a SIEM solution such as Elastic Stack, ArcSight, or Splunk.
  • Active TS/SCI

Responsibilities

  • Maintain and scale NASIC's auditing solution (currently Elasticsearch, Logstash, Beats, and Kibana) across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.
  • Develop and document procedures/policies for NASIC to be compliant with Auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data).
  • Provide technical support for investigations and inquiries upon request. Utilize NASIC's auditing solution to create custom queries, searches, alerts, and dashboards.
  • Identify and evaluate anomalous and suspicious system and network activity; detect and assess network intrusions and malware behavior by incorporating, monitoring, and analyzing event logs across numerous device types (TCP/IP, packet analysis, Windows logs, syslogs).
  • Utilize SIEM information with other tools such as Assured Compliance Assessment Solution (ACAS), HBSS, SolarWinds, and Palo Alto.
  • Identify coverage and efficiency gaps in security data and tooling.
  • Notify Government Technical Monitor (GTM) of network intrusions and suspicious and anomalous events, and provide details as required within 1 business day of detection as directed by the NASIC Cybersecurity Incident Plan.
  • Provide detailed operating process and training for items related to network monitoring.
  • Participate in incident response and manage escalations as needed.
  • Monitor metrics, and trend data related to network monitoring as directed by ICS 500-27.
  • Provide monthly functional area reports summarizing work accomplished, work planned in the next month, and important issues occurring during the month.
© 2024 Teal Labs, Inc