Cyber Security Engineer – Sensor Monitoring Specialist - 3rd Shift in Chicago, IL at APEX Systems

Date Posted: 3/15/2019

Job Description

Job #:  951087

Cyber Security Engineer – Sensor Monitoring Specialist

Location: Chicago, IL

Hours of Support: Shift 3 - 10:00pm to 6:30am

Roles and Responsibilities:

  • The Sensor Monitoring Specialist monitors 100 percent of all internal and external network traffic to provide security analysis support covering over 100 million (M) weekly security events and up to 1.4M endpoints (projected out to fiscal year 2020). This support is mainly derived from the NIST SP 800-53 series, Incident Response (IR) Control Families.
  • Respond to 100 percent of tickets/emails and produce an updated analysis progression thereafter in accordance with SLAs.
  • Utilize the ITSM to manage and track performance.
  • Escalate work requests as needed through the ITSM and utilize the ITSM to document all investigation related activities. 
  • Monitor, analyze or report 24/7/365 on the following:
      • Monitor 100 percent of the network intrusions and malware events using the Security Information and Event Management (SIEM) tool; this shall be performed manually during a SIEM outage
      • Collect, review, analyze and correlate security events from Network Security tools in the Wide Area Network, Trusted Internet Connection (TIC) Gateways, Data Centers, local facilities, Business Partner Extranet, and external VA cloud locations as applicable and as capability facilitates
      • Monitor on-premise and CSOC-monitored enterprise cloud environment events for potential incidents
      • Monitor for threats at every phase of the Cyber Intrusion Kill Chain
      • Monitor all security devices to ensure confidentiality, integrity, and availability of CSOC architecture and security devices
      • Utilize incident response use-case workflows to follow established and repeatable processes to triage and escalate incidents
      • Review, inspect, and analyze log files (e.g. network logs, server/workstation logs, Splunk logs), network traffic and security events from all network security tools within the VA Wide Area Network and Gateway to detect, identify and report anomalous malicious network activity
      • Review audit logs and report any unusual or suspect activities in accordance with VA 6500 (i.e. SI-1 – System and Information Integrity Policy and Procedures, and SI-4 – Information System Monitoring)
      • Create trouble tickets to capture the detailed analysis of security events, in accordance with established CSOC procedures
      • Perform initial validation to determine whether a security event requires investigation, and open a trouble ticket as needed
      • Escalate a ticket to an incident if the analysis indicates a security compromise
      • Correlate events for early warning and prevention
      • Produce the Weekly Summary of Sensor Analysis Status Report spreadsheet, to include: status (opened, under investigation, or closed), summary of tickets by ticket number and date, and a brief annotation of current analysis to help track progress

  • Maintain a daily activity report on assigned investigations and/or incidents.
  • Incorporate input received from other teams and external vendor personnel to analyze and validate security events and incidents.
  • Review threat intelligence documentation and integrate knowledge into security operations.
  • Identify false positives by correlating security events with vulnerability data and system status.
  • Conduct weekly, monthly and yearly trend analysis of security events to identify anomalous malicious activity and repeat infections.
  • Utilize open source intelligence and various cyber security threat portals (e.g. Homeland Security Information Network (HSIN), iSight, Shadow Server), and other credible sources of cyber threat information to assist with the validation of incidents.
  • Provide technical support to develop and execute custom scripts to identify host-based indicators of compromise.
  • Provide technical support for new detection capabilities and improve upon existing security tools.
  • Create customized monitoring dashboards using Splunk and other event collection tools to augment the SIEM as needed.
  • Provide recommendations for event monitoring/event management/configuration of security tools for targeted threats and malicious activity during technical meetings or informally through emails.
  • Submit use cases for analysis by SIEM and Predictive Analytics tools and work in conjunction with the CHTA and CTS – Cyber Technical Services Teams to implement.
  • Develop required SOPs and assist other CSA teams with SOP, Playbook, and Work Flow development.

Basic Qualifications:

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

  • Bachelor’s degree in Computer Science, Information Systems Management, Engineering or a related field with a minimum of 2 years’ experience. 5 years of additional related experience may be substituted for the degree requirement.
  • Minimum of 3 years of significant experience in network and host advanced analytics principles and methods, and in the information security processes and techniques required to perform sensor monitoring and advanced analysis.
  • Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH); 5 years of additional experience overrides the certification requirement.
  • Must be able to obtain a Veterans Affairs High Security Background Investigation (VA BI)

Preferred Qualifications:

Candidates with these desired skills will be given preferential consideration:

  • Bachelor's Degree
  • Knowledge of VA culture, mission, and IT environment
  • Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH)

EEO Employer

Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178