REQUIRES AND ACTIVE/EXISTING TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK, MUST WORK ON SITE

Job Description

Cyber Intrusion Detection System Administrator. You'll have the opportunity to build strong lines of cyber defense using cutting-edge technologies. Your work in cyber security will have an impact on securing our clients' missions and ensuring we anticipate the threats of tomorrow.

HOW A CYBER INTRUSION DETECTION SYSTEM ADMINISTRATOR WILL MAKE AN IMPACT:

⦁ Monitor day-to-day operations of the sensors (Suricata, Palo Alto, and ArcSight) located at supporting customer's locations.
⦁ Perform Enterprise Defense Countermeasure (DC) activities and coordination with other government agencies to record and prepare incident reports and analysis
methodology and results.
⦁ Monitor and analyze signature alerts from Intrusion Detection/Prevention Systems (IDS/IPS) for false positives.
⦁ Provide technical enforcement of organizational security policies.
⦁ Provide "tune-or-drop" recommendations towards the DC team's Signature Lifecycle Review procedure.
⦁ Provide insight to Detection and Response teams on signature functionality and providing signature tuning as needed.
⦁ Communicate with customers and teammates clearly and concisely.
⦁ Maintain current knowledge of relevant technology as assigned.
⦁ Participate in special projects as required.
⦁ Position is day shift but may require evening, weekend or shift-work (depending on operational tempo).

Required Skills and Abilities:

• Experience authoring Snort signatures.
• Experience authoring Yara rules.
• Experience with Perl Compatible Regular Expressions (PCRE)

Preferred Skills:

• Experience in intrusion detection and prevention systems.
• Proficient in network security technologies and protocols.
• Dashboarding in Splunk.
• Palo Alto Certification Next-Generation Firewall

Location: On Customer Site

⦁ Bolling AFB, Washington D.C
⦁ Reston, VA