29 Aug
SIEM Data Analyst
Kittery, Maine 03904, USA

Vacancy expired!

Apex Systems Inc. is immediately seeking a SIEM Data Analyst who is a self-starter, highly organized, and has a strong drive for quality and career growth. The qualified candidate will be responsible for performing network monitoring and vulnerability management tasks at a client site, following local procedures and best practices for unclassified and classified information systems.

Location: Kittery, Maine (Remote during COVID) (Relocation Assistance Available)
Duration: Direct Hire
Compensation: Competitive based on years of relevant experience
Clearance: Able to obtain and maintain an active DOD Secret clearance

Description of Work:

  • Perform daily log review of firewall, proxy, DNS (Domain Name Service), IDS (intrusion detection system), HIPS (host intrusion prevention system) logs for malicious activity
  • Perform daily review of all notable events and alerts to review for malicious activity.
  • Identify, develop, and tune new correlation rules to increase the amount of automated monitoring and alerts for lateral movement, privilege escalation, beaconing, persistence mechanisms, and other suspicious activity.
  • As a subject matter expert, share and transfer knowledge to government employees to improve processes and cyber security practices.
  • Review open vulnerabilities and research the associated CVEs (common vulnerabilities and exposures) to determine applicability and identify potential technical mitigations to reduce risk.
  • Respond to potential cyber incidents and coordinate response actions according to incident response procedures.
  • Write, update and/or modify Standard Operating Procedures (SOPs) as needed pertaining to network monitoring and incident response.
  • Analyze threat intelligence and community data to keep abreast of security trends and make modifications to existing capabilities based on threat assessments to improve or strengthen security posture
  • Perform periodic audits of information system security procedures and configurations to identify deficiencies and ensure compliance with client's information system controls.
Basic Qualifications:
  • Must have an active DOD Interim-Secret or Secret clearance
  • High School Diploma or GED and 3+ years of experience, or Bachelor's Degree and 2+ years of experience, with SIEM tools in regard to Incident Response, Vulnerability Management, Event Analysis, and recommending Remediation Tactics.
  • Must have one of the following certifications: CISSP, Security+ CE, CASP, or ENSA
  • Must have experience with SIEM tools such as: Splunk (preferred), ArcSight, or Retina
  • Experience reviewing SIEM or other device security alerts and performing analysis on those events and any correlating events to identify and categorize the activity and respond accordingly.
  • Incident Response - Experience responding to suspected and confirmed network and host incidents. Knowledge and experience working through detection, analysis, containment, eradication, recovery, and remediation of incidents. Knowledge and ability to provide guidance and suggest course of actions to take in the event of an incident.
  • Vulnerability Management - Previous experience with ACAS or Tenable Nessus Scanner. Experience evaluating vulnerabilities, assessing risk based on the environment, and identifying technical and non-technical mitigation strategies and developing mitigation statements.
  • Event Analysis - Ability to understand and interpret Windows, UNIX OS, firewall, web proxy, DNS, IDS, and HIPS log events. Ability to pivot between events and correlate host and network events. Understanding of Windows and UNIX event logs must be sufficient enough to create correlation searches for Windows and UNIX events.
  • Experience working in a security operations center (SOC) environment or other network security team providing incident detection and response services utilizing a Security Information and Event Management (SIEM) system.
  • Experience with tools such as: Nessus, Wireshark, FireEye, SolarWinds, Nagios
  • Strong communication & briefing experience
Preferred Qualifications:
  • Hands-on experience with Splunk in regard to Splunk Search and Reporting or Splunk Enterprise Security. Knowledge and experience creating searches, correlation rules, notables, and field extractions
  • Experience with Scripting in Splunk as it pertains to modifying signatures and active scripts
  • Highly prefer prior experience working on an Incident Management team with mature ITIL/ITSM processes.
EEO Employer Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystemsinc.com or 844-463-6178.
