Security Operations (SecOps) Engineer
Access Talent Today, LLC
- Washington, DC
MAJOR DUTIES AND RESPONSIBILITIES
- Performs all tasks to align with Information Security Program direction provided by ISO, AOTO
- Follows SecOps guidance provided by the AOTO SecOps Government Lead
- Performs day-to-day operations of security tools, including but not limited to:
- Network and Application Vulnerability Scanning
- Patch Management
- Web Gateways/Proxies
- Endpoint Protection
- Data Loss Prevention
- Intrusion Detection and Prevention
- Log Aggregation/SEIM
- Monitors appropriate security feeds and dashboards in support of Continuous Monitoring activities
- Provides timely security impact analysis to support change management processes
- Supports the Security and Assessment and Authorization process and SDLC activities by providing recommendations on appropriate control implementation and risk mitigation strategies
- Conducts vulnerability scans, interprets results and provides them to customers
- Monitors various Internet and open source information feeds for emerging vulnerabilities and threat actors, determining their applicability to the operating environment and issuing technical advisories appropriately.
- Provides input to system security documentation, including but not limited to:
- Concept of Operations
- Architecture Diagrams
- Security Policies
- Standard Operating Procedures
- Participates in Incident Response activities in coordination with other teams as necessary; Reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, evaluating attribution and adversary details.
- Evaluates and reviews vulnerability scans, completes review and reports on anti-virus definition reports weekly and takes proactive steps to ensure mitigation and/or remediation of findings.
- Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts.
- Develops and implements new approaches and procedures regarding security measures that comply with Judiciary and AOTO policies and guidelines.
- Performs other duties as assigned.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.
- Knowledge of adversarial tactics, techniques, and procedures.
- Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
- Knowledge of communication methods, principles, and concepts that support the network infrastructure.
- Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of database systems.
- Knowledge of Security Assessment and Authorization process.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of confidentiality, integrity, and availability requirements.
- Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
- Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
- Knowledge of cyber defense and information security policies, procedures, and regulations.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
- Knowledge of cloud service models and how those models can limit incident response.
- Knowledge of malware analysis concepts and methodologies.
- At least 8 years total IT experience, with 2-5 years of experience as a security administrator, engineer, or analyst in an enterprise environment
- Experience with Vulnerability Management Systems (e.g. Nessus)
- Experience with Patch Management Systems (e.g. Quest/Dell Kace 1000)
- Experience with Web-based threat protection (e.g., Websense)
- Experience coordinating and overseeing the implementation of security patches.
- Experience with remediation of security vulnerabilities.
- Knowledge of the operating characteristics of various operating systems, e.g. Windows 7 and 10, Windows server 2008/2012/2016, iOS.
- Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
- Plan, manage and provide guidance pertaining to IT Security to include all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). Work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
- Excellent oral and written communications skills. Interaction and information gathering with coworkers and customers.
Scheduled Weekly Hours:40Telecommuting Options:Some Telecommuting AllowedWork Location:USA DC Washington
- Bachelor's degree in an IT related field is preferred.
- Industry leading certifications relating to IT security (CISSP, GIAC, etc.).
Friday, June 28, 2019