Security Systems Engineer
TS/SCI clearance required; candidate must be able to obtain PSD/Yankee White clearance or hold an active Yankee White clearance.
- Provide support for the technical management of security infrastructure for a Windows and Linux based network platform.
- Operate and maintain security infrastructure including IDSs, HBSS, etc. to ensure system and application performance/health monitoring.
- Develop and maintain security infrastructure policies and procedures in accordance with DISA standards.
- Manage security infrastructure servers on the WHMO network and ensure that all are maintained and upgraded according to the latest DISA guidelines.
- Create and maintain Host Intrusion Prevention System (HIPS) exceptions and firewall rules to ensure secure site configurations per DISA guidance.
- Monitor latest HBSS to detect faulty operation, anomalies, and security events.
- Develop, run, analyze, and maintain reports using SQL and HBSS reporting.
- Develop sorting rules, dashboards, data monitors, and filters using HBSS for first responders, analysts, and the Information Assurance Manager.
- Deploy, tune, and configure software to detect and/or prevent malicious activity at the host level.
- Develop and test new agents.
- Analyze the results of queries for "Interesting Events" and pass them to first responders to open a new investigation.
- Maintain logs.
- Work cooperatively with other divisions to resolve issues and meet objectives.
- Perform report and query generation.
- Interface with government customer and other divisions in order to provide a quality product that meets objectives.
- Develop written procedures and provide on-site training.
- Monitor and control all HBSS accounts, including access levels, policy changes, etc.
- Participate in special projects as required.
- Provide monthly status report.
- Create and maintain documentation of all HBSS system configurations.
- Develop and maintain all documentation for HBSS policies and procedures in accordance with DISA standards.
- Create and maintain documentation for all Host Intrusion Prevention System (HIPS) exceptions and firewall rules.
- Assist in any network/host intrusion investigation that requires HBSS logs.
- Maintain all records of reports developed, run, and analyzed using SQL and HBSS reporting.
- Maintain documentation of all sorting rules developed, dashboard setups, data monitors, and filters.
- Maintain all documentation of software and signatures used to detect and/or prevent malicious activity at the host level.
- Develop written procedures and provide on-site HBSS training.
- Log all investigation progress details in the Incident Response tracker.
Certifications and Training:
- 8570 CNDSP Infrastructure Support certifications (CEH and/or SSCP)
- Red Hat Certified System Administrator (RHCSA)
- Current Microsoft Certified IT Professional (MCITP) certification desired
- HBSS 201 Basic and 301 Advanced training
- Oral Communication
- Written Communication; Technical writing
- Primarily responsible for the technical management of security infrastructure for a Windows and Linux based network platform. The position will oversee all security system maintenance, upgrades, expansions, etc.
- Conduct security system maintenance, upgrades, etc. based on all DISA requirements and vendor recommendations.
- Experience interpreting, applying and advising others on DOD IA/CND policies, guidance and regulations
- Expertise in McAfee’s ePO, subsequent modules, including McAfee Agent, Rogue Sensor Detection, HIPS, Policy Auditor (PA), Data Loss Prevention (DLP), etc.
- Hands-on network operations experience in multi-site Windows and Linux environments – Data circuits, Firewall/VPN, TCP/IP and routing protocols, Switches (CISCO), File servers (Linux), Data storage, and Windows servers running COTS and custom applications etc.
- Operate and tune Linux systems, servers, and related components to ensure high levels of availability and security of the supported business applications, including installation, configuration, and maintenance.
- Perform system backups and restores
- Strong knowledge of Cloud related security, engineering, design, architectural, maintenance, business modeling, or similar areas related to the information technology project being performed
- Strong knowledge of intrusion detection methods protecting DOD computer networks and systems
- Strong understanding of Active Directory