Contract with Government of the District of Columbia
OCTO – 200 I Street, SE Washington DC 20003
Position closes 08/17/2017
US Citizens or Green Card Holders Only
Security Information and Event Management (SIEM) Integration Engineer will focus on implementation of the McAfee SIEM and associated appliances (Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), Advanced Correlation Engine (ACE)).
Skills/Required Years of Experience:
Bachelor of Science in Electrical Engineering, Computer Science, Information Technology, or equivalent data security and networking experience (Required)
(ISC)² or ISACA certification (CISSP, CISM) OR relevant Intrusion Prevention System vendor training/certification (McAfee) (Required)
McAfee ESM administration (Required 5 years)
Experience as a SOC Analyst Level 2 or SOC Team Lead (Required 5 years)
Experience scripting in regular expression for SIEM signatures (Required 5 years)
Server Administration background – Windows and/or Linux/Unix (Required 5 years)
Experience in network/system level administration and/or cybersecurity (Required 16 years)
The Security Information and Event Management (SIEM) Integration Engineer will possess deep technical knowledge of a number of security technologies; the main area of focus will be the District implementation of the McAfee SIEM and associated appliances (to include Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), Advanced Correlation Engine (ACE)). The ideal candidate will have a demonstrated understanding of information security and networking and extensive experience interacting with customers.
• Act as the lead for Operations and Maintenance and Configuration Management for all Security Operations Center (SOC) and Security Information and Event Management (SIEM) tools.
• Analysis, design, configuration, implementation, documentation and operation of the McAfee SIEM and associated appliances (to include Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), Advanced Correlation Engine (ACE)).
• Responsible for SIEM security design review and recommendations, technical data gathering, security and policy review and configuration, security device implementation planning, configuration and implementation of security products and technical quality assurance.
• Lead technical troubleshooting efforts for complex network environments to identify and eliminate network or security configuration issues for SIEM data collection.
• Manage system deployments, upgrades, ongoing maintenance and operations.
• Configuration and operation of security device authentication, management & logging platforms.
• Provide Tier 3 support to SOC Analyst personnel utilizing the SIEM to respond to security incidents and events.
• Identify, troubleshoot, and resolve complex network connectivity issues as well as advise on network security related issues.
• Understand network and endpoint security tools and how they integrate into the SIEM to provide a cohesive view of network incidents and security.
• Configure backups, verify custom reports, manage log source groups and validate log sources.
• Provide occasional off-hours support for planned maintenance work and unplanned support issues. May occasionally require on-site work at a data center during off-hours.
Required Qualifications and Skills
• Bachelor of Science in Electrical Engineering, Computer Science, Information Technology, or equivalent data security and networking experience required
• CISSP, CISM, or relevant IPS Vendor training/certification preferred
• Professional certifications related to core expertise (McAfee preferred)
• Minimum 5 years McAfee ESM administration experience required
• Minimum 5 years’ experience as a SOC Analyst Level 2 or SOC Team Lead
• Minimum 3 years’ experience scripting in regular expression for SIEM signatures
• Server Administration background – Windows and/or Linux/Unix
No travel anticipated
1. Coordinates IT project management, engineering, maintenance, QA, and risk management.
2. Plans, coordinates, and monitors project activities.
3. Develops technical applications to support users.
4. Develops, implements, maintains and enforces documented standards and procedures for the design, development, installation, modification, and documentation of assigned systems.
5. Provides training for system products and procedures.
6. Performs application upgrades.
7. Performs monitoring, maintenance, or reporting on real-time databases, real-time network and serial data communications, and real-time graphics and logic applications.
8. Troubleshoots problems.
9. Ensures project life-cycle is in compliance with District standards and procedures.
Background check is required, if selected for the position. There are no reimbursable expenses allocated to this position.