Security Analyst (IDS/ SIEM)
Apply NowCompany: OBXtek
Location: Gwynn Oak, MD 21207
Description:
Company Description
OBXtek Inc.
OBXtek is an award winning Service Disabled Veteran Owned Small Business providing information technology and management services to the federal government. As the prime contractor on over 85% of its work, OBXtek is a leader in its field and has a robust corporate infrastructure that provides support for all of its programs. OBXtek has realized exceptional growth over the last four years and has been awarded prime contracts with 10 federal agencies. This growth is a result of providing customers with successful project execution and quantifiable results, responsive customer service, timely recruiting, quality assurance/quality control and competitive pricing.Solid Financial Resources and low Employee Turnover (5%)
Job Description
Intrusion Protection
Background
DISSAO provides intrusion protection and vulnerability assessments of the SSA Information systems at various inter-dependent levels. The assessment of the network's security is a crucial first step in providing intrusion protection. Additionally DISSAO provides remediation to security incidents. A key ingredient of this remediation is the recommendation of immediate corrective actions to systems known to have any security weaknesses or vulnerabilities.
Scope of Task
The objective is to evaluate, identify and classify all anomalous traffic across SSA net and then to provide corrective action.
In support of the task, the contractor shall perform activities such as those described in the sub-tasks below.
Sub-Task 1: Intrusion Protection and Vulnerability Assessments
Purpose: Provide intrusion protection and vulnerability assessments at all levels of the SSA computing enterprise including current SSA systems, SSA systems under development or scheduled for implementation.
Activities:
Qualifications
Qualifications & Knowledge Requirements
Experience:
Experience: 10 years technically related experience with network and security operations
Desired Security Certifications:
CISSP
CCNA
CEH
Security Plus
Required skills:
Analytical experience:
Implementing Incident Response procedures
Solid understanding of performing risk and vulnerability assessments
Strong Security background and experience in large enterprise environment
McAfee Security Information and Event Management (SIEM)
Splunk ES
Regex
McAfee Web Gateway Proxy
Basic understanding of Web Gateway functionality and operations as they relate to Network Security in an enterprise environment.
Additional Applications:
VMWare (VCenter Server)
Snort
Dragon
Check Point Firewall (IDS Blade)
Sourcefire Defense Center and Sensors:
Experience with signature and rule creation
Deployment of Virtual Defense Center
Security Enhancement and Policy Updates
3D Sensor deployment
Whitelist compliance and traffic tuning
RNA and RUA functionality/management
Additional Information
All your information will be kept confidential according to EEO guidelines.
OBXtek Inc.
OBXtek is an award winning Service Disabled Veteran Owned Small Business providing information technology and management services to the federal government. As the prime contractor on over 85% of its work, OBXtek is a leader in its field and has a robust corporate infrastructure that provides support for all of its programs. OBXtek has realized exceptional growth over the last four years and has been awarded prime contracts with 10 federal agencies. This growth is a result of providing customers with successful project execution and quantifiable results, responsive customer service, timely recruiting, quality assurance/quality control and competitive pricing.Solid Financial Resources and low Employee Turnover (5%)
Job Description
Intrusion Protection
Background
DISSAO provides intrusion protection and vulnerability assessments of the SSA Information systems at various inter-dependent levels. The assessment of the network's security is a crucial first step in providing intrusion protection. Additionally DISSAO provides remediation to security incidents. A key ingredient of this remediation is the recommendation of immediate corrective actions to systems known to have any security weaknesses or vulnerabilities.
Scope of Task
The objective is to evaluate, identify and classify all anomalous traffic across SSA net and then to provide corrective action.
In support of the task, the contractor shall perform activities such as those described in the sub-tasks below.
Sub-Task 1: Intrusion Protection and Vulnerability Assessments
Purpose: Provide intrusion protection and vulnerability assessments at all levels of the SSA computing enterprise including current SSA systems, SSA systems under development or scheduled for implementation.
Activities:
- Provide senior-level advisement to division management and adjacent staff related to Intrusion Protection and Vulnerability Assessments.
- Monitor Intrusion Detection System (IDS) sensors and infrastructure and other monitoring tools based on a schedule defined by SSA Management.
- Monitor vulnerability scanning infrastructure based on a schedule defined by SSA Management.
- Evaluate risk models developed by SSA and provide feedback to the Task Manager.
- Perform ad-hoc scanning as defined by the Task Manager.
- Develop scripts using UNIX shell scripting, Perl, PHP or Visual Basic for use in analyzing traffic patterns and anomalies
Qualifications
Qualifications & Knowledge Requirements
Experience:
Experience: 10 years technically related experience with network and security operations
Desired Security Certifications:
CISSP
CCNA
CEH
Security Plus
Required skills:
Analytical experience:
Implementing Incident Response procedures
Solid understanding of performing risk and vulnerability assessments
Strong Security background and experience in large enterprise environment
McAfee Security Information and Event Management (SIEM)
Splunk ES
Regex
McAfee Web Gateway Proxy
Basic understanding of Web Gateway functionality and operations as they relate to Network Security in an enterprise environment.
Additional Applications:
VMWare (VCenter Server)
Snort
Dragon
Check Point Firewall (IDS Blade)
Sourcefire Defense Center and Sensors:
Experience with signature and rule creation
Deployment of Virtual Defense Center
Security Enhancement and Policy Updates
3D Sensor deployment
Whitelist compliance and traffic tuning
RNA and RUA functionality/management
Additional Information
All your information will be kept confidential according to EEO guidelines.