| Field | Value |
| --- | --- |
| Location | Arlington, VA or Remote |
| Preferred GIAC Certifications | GCDA, GCFA, GCIA, GCIH, GSOC |
| Contact Name | Bryan Scarbrough |
Senior Security Engineer, Information Security, responsible for designing, building, and delivering significant components of Interos' threat hunting strategy and overall security posture. Providing mission assurance through network defense, our team protects an enterprise network across the globe. The Security Operations group works hand in hand as a trusted partner with our Information Technology department, project teams, and our Business Development groups.

Responsibilities:
- Support the SOC team by facilitating administrative needs such as data analysis, gap analysis, technical trade studies, documentation review/editing/publishing, reporting, and threat briefings
- Provide investigation and remediation support to mitigate security threats and incidents
- Work with various teams to ensure information security best practices are understood, implemented, and documented as systems are migrated between environments
- Review multiple cloud environments for weaknesses and needed improvements
- Work with the team to integrate the security toolset with other systems to automate incident response functions
- Ensure systems adhere to relevant secure benchmarks
- Manage multiple security tools across multiple environments
- Work with the SOC and Compliance teams to ensure the SSP and relevant controls are documented and kept up to date
- Work within the team to enhance rule tuning and filtering so that monitoring focuses on relevant events
- Support a wide range of security tools in a multi-tenant environment
- Provide continuous tuning of existing security tools used for monitoring and analysis of security events of interest
- Create incidents and support their investigation, not only to mitigate the current threat but also to prevent future occurrences
- Create, review, and update applicable control implementation statements within System Security Plans (SSP) with supporting statements and evidence
- Document and track the status of all findings within the Plan of Action and Milestones (POA&M)
- Work closely with other teams to support the incident management process
- Work with various groups to ensure compliance with applicable FedRAMP controls under NIST 800-53
- Stay up to date on the latest tools, techniques, and processes used by cyber criminals
- Be an escalation point within the team and work closely with other analysts and engineers as required
- Work with various teams to improve integration of services with the security toolset
Qualifications:
- Bachelor's (undergraduate) degree in a relevant field (Computer Science, Software Engineering, Security, or others), or an equivalent combination of education, training, and experience
- 6+ years of hands-on experience in information security
- 5 years of direct experience supporting secure coding practices
- Demonstrated understanding of web application and database security
- Knowledge of software/application hardening, input validation testing, or SQL injection testing is a plus
- Strong technical background in software security design/implementation and data protection
- Strong communication, interpersonal, and consulting-style skills to interface with staff, developers, and customers
- Knowledge of all domains within information security, especially defensive strategies and MSSPs
- 3+ years of experience with more than one IDS/IPS, EDR, and SIEM, and with manual log analysis techniques
- 4+ years of experience in shell scripting or task automation using Python
- Thorough understanding of network protocols, data on the wire, and covert channels
- Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and PowerShell
- Experience in scripting and configuration of SIEM tools
- Knowledge of web application logs and system event logs (Windows & *nix)
- Ability to navigate and work effectively across a complex, geographically dispersed organization
- Demonstrated ability to self-direct with minimal supervision to achieve assigned goals
- Eligibility to obtain a security clearance is preferred
- Strong understanding of network security teams and environments, operations initiatives, documentation/professional writing, management, and a general security background
- Experience with the preparation, review, revision, and maintenance of technical documents
- Fundamental understanding of networking and security concepts, including defensive techniques/methodologies
- Familiarity with defensive technologies such as SIEM, next-generation firewalls, IDS/IPS, endpoint security, and machine learning tools
- Familiarity with the day-to-day workflow and general operations of a SOC environment
- Experience with an Incident Response/case management system
- Experience gathering metrics and using data analysis to inform decision-making
Certifications in one or more of the following:
- Forensics background
- SANS GIAC Certification(s)
- Other cybersecurity offense / defense certifications