U.S. Judicial Branch

Senior IT Specialist (Security Information and Event Management Security Engineer)

U.S. Judicial Branch, Washington, District of Columbia, US 20022


This is a full-time position with the Office of Information Technology at the Supreme Court of the United States in Washington, D.C.

Closing Date : Friday, 09/13/2024, 11:59 PM EDT

Please note that this vacancy has a limit of 200 applicants. The job opportunity announcement will automatically close if that limit is reached prior to the closing date.

Duties:

This position is a full-time role in the Office of Information Technology at the Supreme Court of the United States. Under the guidance of the Court Information Security Officer, the incumbent will perform the full range of tasks and activities involved in developing, coordinating, implementing, and maintaining standards, procedures, and technical solutions to protect the confidentiality, integrity, and availability of information systems and data.

The Security Information and Event Management (SIEM) Security Engineer will have overall responsibility for the SIEM program at the Court. The role requires working with system administrators, engineers, developers, and incident responders to identify relevant system events and to implement the design, normalization, ingest, and alerting of relevant logs. The SIEM Engineer serves a critical role in support of investigations and escalations of SIEM alerts. The SIEM Engineer also administers the SIEM hardware, software, and endpoint agents across the enterprise.

The incumbent will be responsible for the following duties:

- Manage and evolve the SIEM program over time according to Court priorities
- Evaluate current and emerging SIEM technologies and risks
- Install, configure, and maintain SIEM software and hardware
- Architect, administer, configure, and optimize the SIEM platform to collect and correlate security event data
- Implement the NIST 800-53 Audit and Accountability (AU) control family according to the Information Security Policy and the needs of Court offices
- Define and update SIEM alerts, reports, and dashboards
- Work with the Incident Response Team to develop playbooks for responding to SIEM alerts
- Support the design and implementation of manual and automated response to security events (SOAR)
- Train personnel in SIEM program operation
- Coordinate and conduct SIEM training exercises with relevant stakeholders
- Work with the Incident Response Team to create detection rules for emerging threats
- Participate in the on-call rotation (approximately one week every two months)
- Incorporate threat intelligence feeds and indicators of compromise into SIEM alerting and dashboards
- Coordinate with department stakeholders when new technologies are implemented to ensure appropriate data ingest

Requirements:

- Meet experience requirements (see Qualifications)
- Employment is subject to successful completion of a security background check.
- If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service System, or are exempt from having to do so under the Selective Service Law. See: www.sss.gov

Qualifications:

Candidate must possess the following knowledge, skills, and abilities:

- At least 2 years of experience managing enterprise SIEM tools
- Enterprise-level experience installing, configuring, and implementing RHEL, Ubuntu, or similar Linux platforms
- Experienced engineer with expertise in the design, implementation, configuration, and management of SIEM architectures
- Experience with solutions such as SOAR, threat intelligence platforms, and/or User Behavior Analysis (UBA)
- Knowledge of detection engineering and detection-as-code practices
- Ability to optimize systems to meet enterprise performance requirements
- Ability to work with engineers and vendors to improve capabilities, resolve issues, and increase performance of security operation devices and configurations
- Knowledge of operating system (Windows, Linux/Unix) command-line tools
- Knowledge of endpoint security events and how they relate to possible attacks/intrusions
- Ability to balance business needs with security policies
- Organizational skills with the ability to multitask, take direction, prioritize, and manage multiple activities/tasks to achieve objectives
- Proficiency in tailoring and/or recommending detection rules based on newly discovered IOCs and threats against government networks
- Expertise in data search, including indexing, querying, and visualization
- Experience with API scripting and programming languages (e.g. Python) for automation and custom tool development
- Excellent problem-solving skills and the ability to work under pressure in incident response scenarios
- Strong communication skills, both written and verbal, to effectively convey complex security concepts
- CISSP, GCIA, GCIH, CASP, and other security certifications desired, but not required
