- Safeguards information system assets by identifying and solving potential and actual security problems.
- Protects system by defining access privileges, control structures, and resources.
- Recognizes problems by identifying abnormalities; reporting violations.
- Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports; communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending educational workshops; reviewing publications.
- Contributes to team effort by accomplishing related results as needed.
- Cyber Security Qualifications / Skills:
- System administration
- Network security
- Problem solving
- Information security policies
- On-call network troubleshooting
- Firewall administration
- Network protocols
- Routers, hubs, and switches
- Informing others
- Process improvement
- Education, Experience, and Licensing Requirements:
- Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience
- 4+ years of prior relevant experience
- Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification
- Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent) at start date
- Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations
- Experience with vulnerability scanning solutions
- Familiarity with the DOD Information Assurance Vulnerability Management program.
- Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
- Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
- Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands