DHS HSEN - Senior Security Tools Engineer
ZipRecruiter, Washington, DC, United States
Position Summary
BayFirst Solutions, a subsidiary of Versar, Inc., is seeking a Senior Security Tools Engineer to support the DHS’ Homeland Security Enterprise Network (HSEN) within the Office of the Chief Information Officer (OCIO), IT Operations, Enterprise Engineering Division (EED). This Security Tools Engineer will be a member of a high functioning team of network and security engineers, data center specialists, and stakeholder groups, such as the DHS Network Operations Security Center – Cyber (NOSC-Cyber), ISSOs, and industry vendors, working to continually strengthen and secure HSEN and its data.
The candidate’s primary responsibilities are to provide for enhanced security monitoring and to own the creation, documentation, and administration to a category of security hardware and software to include tool areas like Data Migration Assistant (DMA), Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), malware analysis, forensics, encryption, continuous monitoring tools, and incident and case tracking and ticketing.
This role is eligible for full-time telework.
Duties / Responsibilities
- Provide support for the administration, maintenance, configuration, patching, upgrades and optimization of security tools, devices, application systems, and servers and sensors within the cybersecurity infrastructure.
- Maintain SIEM applications to collect and aggregate IDS and IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements, and other security‐relevant devices.
- Support and evolve the interfaces between network, SOC, and systems information into the SIEM tool using information from the Information Assurance Compliance System (Xacta) and input from ISSOs; perform asset categorization and prioritization.
- Ensure tools administration with disaster recovery and fail-over procedures in place for security tools, databases, server roles to include but not limited to: DNS, Active Directory, Infoblox DNS Threat Analytics, DbProtect, Venafi, RedSeal, Burp Suite Pro, Suricata, SAVScan, NetWitness, ArcSight, FireEye, Swimlane, Splunk, Grafana, Crowdstrike, Wireshark, Broadcom Bluecoat, Sophos, Palo Alto MineMeld, Palo Alto DLP, Mcafee (ePO, DLP), Volexity, Symantec Endpoint Protection, ProofPoint, O365 DLP, FireEye (EX, HX, NX), CA PAM, Thycotic Secret Server, Sailpoint, RSA Archer, Tenable/Nessus, Tanium, and EnCase.
Minimum Qualifications / Requirements
- At least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on cybersecurity and security tools.
- Demonstrated experience with network and security management tool suites, with an emphasis on SIEM and SOAR solutions.
- Knowledge of deploying, developing and maintaining in a virtual environment.
- Strong tools customization and integration skills, database, scripting and web front-end experience.
- Working knowledge of a variety of security / networking technologies to communicate and collaborate on issues and solutions with other engineers.
- Strong knowledge of IT security related to networks and applications.
- Must be resourceful in learning a very complex and dynamically changing network.
- Must be a self-starter, able to work independently, and able to manage time effectively.
- Working knowledge of cloud platforms such as AWS, Azure.
- Past experience working in a fast-paced SOC or NOC environment is a plus.
- Ability to communicate effectively with all levels of an organization from engineering, operations, and management.
- U.S. citizenship required and eligibility for a DHS EOD is required to be considered for this position.
Education
BA or BS (Cyber Security, Computer Science, Information Systems, Software Engineering, Computer Engineering, or related field); relevant experience may be a substitute for education.
Certifications Desired
- Certification involving cybersecurity.
- Comptia Security+.
Software/Hardware Desired
- Splunk.
- Swinlane.
- Knowledge of at least one programming or scripting language (e.g., Python, PowerShell, PHP, Perl).
- Windows/Linux experience.