ESS SIEM Engineer
Vacancy expired!
Description Job Description: Leidos is a Fortune 500™ company aimed at embracing and solving some of the world's most pressing challenges. Through science and technology, Leidos makes the world safer, healthier and more efficient.Our Civil Group offers an array of exciting career opportunities for the best IT, energy, logistics and engineering professionals.Leidos is seeking a SIEM Engineer that will be part of the Enterprise Security Services (ESS) team on the NOAA Cyber Security Center and Department of Commerce ESOC contract. The primary focus for the SIEM Engineer is to be able to configure, manage, operate, and administrate the SIEM managed platform. In addition, the candidate must have a strong understanding of information security and networking, and extensive experience interacting with end users. The SIEM Engineer serves as an escalation point for critical and complex client issues and assists with developing and documenting work processes. BASIC QUALIFICATIONS:
- Bachelor's degree in technical field or equivalent experience and 3 - 5 years of prior relevant experience or Masters with less than 3 years of prior relevant experience.
- Must be able to obtain and maintain security clearance, specifically DoD/Top Secret Clearance or TS/SCI (Interim Secret acceptable).
- Detailed understanding of the TCP and IP protocol suites and ability to dissect and explain the contents of traffic and packets.
- Ability to multi-task in a deadline-oriented environment.
- Demonstrated ability to work well independently in a remote environment.
- Experience with configuration of debug, event generation and logging functionality within application and operating systems, using Syslog or flat file generation.
- Develop metrics and trends that demonstrate the log platform's health and operational state.
- Participate in information security audits, ensuring the technical compliance with related (e.g. PCI, ISO, etc) regulatory requirements.
- Define, document, and implement appropriate delivery, parsing, reporting, and retention of security-relevant log information.
- Assist users of the SIEM in real-time investigation and analysis.
- Research and document security best practices to continually improve the deployment and use of the SIEM.
- Maintain the health, performance, stabilization, tuning and ongoing planning of the SIEM platform.
- Work with other teams in the integration of security tools with the SIEM.
- Develop new SIEM content including correlation rules, dashboards, reports, and alerts that appropriately characterize the importance of events of interest found in multiple environments.
- Experience with ArcSight SIEM platform.
- Hands on experience with Windows and LINUX servers.
- Experience in a Security Operations Center (SOC).
- Active Security+, CISSP, or similar information security certifications.
- Active Secret clearance.
- Large Infrastructure
- Mission Support
- Digital Modernization
- Command & Control
- Mission Applications
- Environmental Science
- Nuclear Security
- Engineering Services
Vacancy expired!