Senior Security / SOC Engineer
We are searching for a full-time Senior Security/SOC Engineer with an active Top Secret clearance. Please send an updated resume and your salary requirements. We look forward to hearing from you!
Location: Washington, DC
Our client is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a Senior Security/SOC Engineer to support a full range of cyber security services on a long-term contract in Washington, DC. The position is full-time and permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
Required skills and experience:
- Strong written and verbal communication skills.
- Hands-on experience supporting a SOC environment as an analyst, engineer, and technical team lead.
- Hands-on experience analyzing and responding to security events: conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets.
- Solid understanding of cyber threats, the MITRE ATT&CK framework, and adversary TTPs.
- Hands-on experience with Security Information and Event Management (SIEM) platforms and log management systems (preferably Humio or Splunk), with network IDS/NSM sensors such as Snort, Suricata, and Bro/Zeek, and with Elastic Stack log pipeline components such as Logstash, Elasticsearch, Kibana, and Beats.
- Hands-on experience with Network Security Monitoring (NSM) and IDS/IPS systems (preferably Security Onion).
- Skill in using virtual machines and containers (e.g., Microsoft Hyper-V, VMware vSphere, Citrix XenDesktop/XenServer, Amazon Elastic Compute Cloud, Docker).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflows, mobile code, cross-site scripting, injection, race conditions, covert channels, replay attacks, return-oriented programming, malicious code).
- Solid knowledge of server and client operating systems (Windows and Linux).
- Working knowledge of scripting languages such as Python, PowerShell, and shell.
- Solid knowledge of networking and network protocols.
- Working knowledge of memory, process, and file system analysis, using tools such as Volatility for memory forensics and Sysmon for process and file activity telemetry.
- Experience with application whitelisting and Endpoint Detection and Response (EDR) tools such as Carbon Black and CrowdStrike.
- Breadth of knowledge and experience across the information security domain: Endpoint Security, SIEM, IDS/IPS, Packet Capture Analysis, Memory Analysis, Identity Management, Vulnerability Management, Incident Response, and Cyber Threat Intelligence.
- Experience with vulnerability management tools such as Tenable.sc, Tenable.io, and Nessus.
Responsibilities:
- The Security Engineer shall design, implement, and maintain IT security systems to protect the agency's digital assets from malicious cyber attacks.
- The Security Engineer is expected to implement, configure, and administer SIEM and IDS products to ensure proper visibility into the environment and to meet compliance requirements.
- The Security Engineer will take a lead role in the Cyber Security Incident Response Team and will employ strategy, standards, processes, and technology to detect, respond to, and recover from security incidents, using risk-based triage to limit the impact of any such occurrence or recurrence.
- The Security Engineer will work with various internal teams to identify gaps and expand coverage of endpoint, logging, and network tooling to improve monitoring and response capabilities, including collaboration with the Infrastructure and Operations team on solution design recommendations.
- The Security Engineer will investigate, triage, contain, and mitigate complex cybersecurity events and incidents using tools such as IDS, EDR, SIEM, and CASB.
- The Security Engineer will create and tailor IDS rule sets, policies, and signatures, and SIEM alerts, to the agency's network environment and systems.
- The Security Engineer will configure and maintain cloud monitoring technologies to support infrastructure as a service (IaaS) and software as a service (SaaS) deployments.
- The Security Engineer will review threat intelligence reports and feeds, make recommendations, and lead implementation of profile or toolset changes based on those reviews.
- The Security Engineer will conduct trending and correlation across multiple cyber intelligence sources for indicator collection, identifying shifts in TTPs, attribution, and establishing countermeasures to increase cyber resiliency.
Qualifications:
- GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), and Certified Information Systems Security Professional (CISSP) certifications are preferred.
- Bachelor of Science degree in computer science, programming, information systems, or a related discipline.
- 5+ years of experience in the information security, cyber network defense, or cyber security domain.
- Active Top Secret clearance.