Cyber Security Engineer - REMOTE POSITION
Responsibilities & Qualifications
•Administer the Splunk based log management system and analyze the current logging capabilities;
•Ensure the Agency Information Security systems administered by the Team are sending all required logs to the log management system;
•Maintain the Log Management and Security Information and Event Management system to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls (including but not limited to Layer 7 Application Firewalls), proxy servers, DLP, antivirus/endpoint protection software, and vulnerability scanner elements;
•Tune the SIEM and IDS/Intrusion Prevention System (IPS) events to minimize false positives;
•Enroll NRC network and systems information into the SIEM tool, using information from the Vulnerability and Compliance Scanning System (VCSS) and input from ISSOs, and perform asset categorization and prioritization;
•Tune the capabilities as practicable to improve efficiency and ensure that reporting capabilities of the log management system are working properly;
•Validate that agency log retention requirements are configured properly within the agency’s log management system;
•Identify shortfalls in the current capability and identify systems that are not sending logs to the agency log management system;
•Recommend improvements to current processes;
•Provide technical guidance to administrators of other IT systems to ensure their logs are sent to the agency’s log management system;
•Configure agency’s log management system role-based access controls so that logs for specific systems can only be accessed by designated administrators.
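Two of the duties above, validating retention settings and restricting each system's logs to its designated administrators, can be checked offline against the relevant Splunk configuration files. The following is an added example, not code from the posting or from the agency; it parses constructed indexes.conf and authorize.conf fragments, the role names and the 365-day retention requirement are assumptions for illustration, and the matcher simplifies Splunk's srchIndexesAllowed semantics to "*" plus shell-style wildcards.

```python
"""Audit Splunk-style indexes.conf / authorize.conf text for per-index
retention and index-level role-based access (added example, constructed data)."""
import configparser
import fnmatch

SECONDS_PER_DAY = 86400
SPLUNK_DEFAULT_FROZEN_SECS = 188697600  # Splunk's built-in default (6 years)

# Constructed sample: "dlp" has no explicit value and inherits from [default].
SAMPLE_INDEXES_CONF = """
[default]
frozenTimePeriodInSecs = 188697600

[firewall]
homePath = $SPLUNK_DB/firewall/db
frozenTimePeriodInSecs = 31536000

[proxy]
frozenTimePeriodInSecs = 7776000

[dlp]
homePath = $SPLUNK_DB/dlp/db
"""

# Constructed sample with hypothetical roles: helpdesk inherits proxy access
# through importRoles, auditors reach the firewall index through a wildcard.
SAMPLE_AUTHORIZE_CONF = """
[role_fw_admins]
srchIndexesAllowed = firewall

[role_proxy_admins]
srchIndexesAllowed = proxy

[role_soc]
srchIndexesAllowed = *

[role_helpdesk]
importRoles = proxy_admins
srchIndexesAllowed =

[role_auditors]
srchIndexesAllowed = fire*;_audit
"""

# Assumed mapping of each index to the roles designated to read it.
DESIGNATED_ROLES = {
    "firewall": {"fw_admins", "soc"},
    "proxy": {"proxy_admins", "soc"},
}


def parse_conf(text):
    """Parse Splunk .conf syntax; [default] supplies fallbacks for every stanza."""
    cp = configparser.ConfigParser(default_section="default",
                                   interpolation=None, strict=False)
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(text)
    return cp


def _split_list(value):
    # Splunk list-valued settings are semicolon-separated.
    return [p.strip() for p in value.split(";") if p.strip()]


def retention_shortfalls(indexes_conf, required_days):
    """Return {index: configured_days} for indexes frozen sooner than required."""
    cp = parse_conf(indexes_conf)
    shortfalls = {}
    for index in cp.sections():
        secs = int(cp.get(index, "frozenTimePeriodInSecs",
                          fallback=SPLUNK_DEFAULT_FROZEN_SECS))
        days = secs // SECONDS_PER_DAY
        if days < required_days:
            shortfalls[index] = days
    return shortfalls


def _index_matches(index, pattern):
    # A bare "*" covers only non-internal indexes; underscore-prefixed internal
    # indexes need "_*" or an explicit name. Other patterns use shell wildcards.
    if pattern == "*":
        return not index.startswith("_")
    return fnmatch.fnmatchcase(index, pattern)


def effective_allowed(cp, role, seen=None):
    """srchIndexesAllowed patterns for a role, including those inherited via importRoles."""
    seen = set() if seen is None else seen
    stanza = f"role_{role}"
    if role in seen or not cp.has_section(stanza):
        return set()
    seen.add(role)
    patterns = set(_split_list(cp.get(stanza, "srchIndexesAllowed", fallback="")))
    for parent in _split_list(cp.get(stanza, "importRoles", fallback="")):
        patterns |= effective_allowed(cp, parent, seen)
    return patterns


def rbac_violations(authorize_conf, designated):
    """Return sorted (role, index) pairs where a non-designated role can search an index."""
    cp = parse_conf(authorize_conf)
    roles = [s[len("role_"):] for s in cp.sections() if s.startswith("role_")]
    violations = []
    for role in roles:
        patterns = effective_allowed(cp, role)
        for index, owners in designated.items():
            if role not in owners and any(_index_matches(index, p) for p in patterns):
                violations.append((role, index))
    return sorted(violations)


def audit(indexes_conf=SAMPLE_INDEXES_CONF, authorize_conf=SAMPLE_AUTHORIZE_CONF,
          required_days=365, designated=DESIGNATED_ROLES):
    return {"retention": retention_shortfalls(indexes_conf, required_days),
            "rbac": rbac_violations(authorize_conf, designated)}


if __name__ == "__main__":
    for kind, findings in audit().items():
        print(kind, findings or "OK")
```

On the sample data the retention check flags only the proxy index (90 days against a 365-day requirement), and the access check reports helpdesk reaching proxy logs through role inheritance and auditors reaching firewall logs through a wildcard. The inheritance walk matters in practice: a role whose own srchIndexesAllowed is empty can still read an index through importRoles, which a stanza-by-stanza review misses.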
•5 years of experience with Splunk;
•Minimum 10 years of relevant experience;
•Experience in architecture, design, support, maintenance, and expansion of an enterprise log management/SIEM infrastructure in a highly resilient configuration;
•Experience in monitoring an enterprise log management/SIEM server and agent infrastructure for capacity planning and system optimization;
•Experience in deployment, configuration, and maintenance of log forwarder agents across a variety of UNIX and Windows platforms;
•Experience in collaboration with a variety of IT stakeholders in design and maintenance of production-quality log management/SIEM reports and dashboards to support data analysis and visualization;
•Experience in creation and maintenance of documentation related to log management/SIEM infrastructure configuration and operational processes;
•Advanced system administration skills with Linux operating systems;
•Knowledge of regular expression, scripting, and application development languages (e.g., Python, Perl, JavaScript, Linux shell scripting);
•Must be able to successfully obtain a Public Trust clearance;
•Telework (local to the DC, Maryland, Virginia area preferred).