VA Home, Washington, DC
136 days ago
DHS HSEN – Senior Security Tools Engineer
Position Summary

BayFirst Solutions, a subsidiary of Versar, Inc., is seeking a Senior Security Tools Engineer to support the DHS’ Homeland Security Enterprise Network (HSEN) within the Office of the Chief Information Officer (OCIO), IT Operations, Enterprise Engineering Division (EED).  This Security Tools Engineer will be a member of a high functioning team of network and security engineers, data center specialists, and stakeholder groups, such as the DHS Network Operations Security Center – Cyber (NOSC-Cyber), ISSOs, and industry vendors, working to continually strengthen and secure HSEN and its data.  

The candidate’s primary responsibilities are to provide for enhanced security monitoring and to own the creation, documentation, and administration to a category of security hardware and software to include tool areas like Data Migration Assistant (DMA), Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), malware analysis, forensics, encryption, continuous monitoring tools, and incident and case tracking and ticketing.  

This role is eligible for full-time telework.

Duties / Responsibilities

Provide support for the administration, maintenance, configuration, patching, upgrades and optimization of security tools, devices, application systems, and servers and sensors within the cybersecurity infrastructureMaintain SIEM applications to collect and aggregate IDS and IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements, and other security‐relevant devicesSupport and evolve the interfaces between network, SOC, and systems information into the SIEM tool using information from the Information Assurance Compliance System (Xacta) and input from ISSOs; perform asset categorization and prioritization.Ensure tools administration with disaster recovery and fail-over procedures in place for security tools, databases, server roles to include but not limited to: (DNS, Adm , Remote desktop), Active Directory, DNS, Remote Desktop, Domain Tools, Infoblox DNS Threat Analytics, DbProtect, Venafi, RedSeal, Burp Suite Pro, Suricata, SAVScan, NetWitness, ArcSight, FireEye, Swimlane, Splunk, Grafana, Crowdstrike, Wireshark, Broadcom Bluecoat, Sophos, Palo Alto MineMeld, Palo Alto DLP, Mcafee (ePO, DLP), Volexity, Symantec Endpoint Protection, ProofPoint, O365 DLP. FireEye (EX, HX, NX), CA PAM, Thycotic Secret Server, Sailpoint, RSA Archer, Tenable/Nessus, Tanium, and EnCase 

Minimum Qualifications / Requirements

At least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on cybersecurity and security toolsDemonstrated experience with network and security management tool suites, with an emphasis on SIEM and SOAR solutionsKnowledge of deploying, developing and maintaining in a virtual environmentStrong tools customization and integration skills, database, scripting and web front-end experienceWorking knowledge of a variety of security / networking technologies to communicate and collaborate on issues and solutions with other engineersStrong knowledge of IT security related to networks and applications with solutions to Must be resourceful in learning a very complex and dynamically changing networkMust be a self-starter, able to work independently, and able to manage time effectivelyWorking knowledge of cloud platforms such as AWS, AzurePast experience working in a fast-paced SOC or NOC environment is a plusAbility to communicate effectively with all levels of an organization from engineering, operations, and managementU.S. citizenship required and eligibility for a DHS EOD is required to be considered for this position.

Education

BA or BS (Cyber Security, Computer Science, Information Systems, Software Engineering, Computer Engineering, or related field); relevant experience may be a substitute for education.

Certifications Desired

Certification involving cybersecurityComptia Security+ 

Software/Hardware Desired

SplunkSwinlaneKnowledge of at least one programming or scripting language (ex. Python, PowerShell, PHP, Perl) Windows/Linux experience 
Confirm your E-mail: Send Email