Cyber Analyst
Company: Pariveda Solutions
Location: Fort Belvoir, VA, USA
Salary: $70000 – $80000
Type: Full-Time
Degrees:
Experience Level: Senior
Requirements
- Must be a U.S. citizen and hold an Active Secret Security Clearance
- DoD 8570 IAT Level II Certification (e.g., CompTIA Security+ CE, CySA+)
- ESS/HBSS Certification (Levels 201, 301, or 501), or DoD authorization to complete ESS/HBSS training within 14 days of starting the role
- ACAS Certification, or DoD authorization to complete ACAS training within 90 days of starting the role (depending on when courses are available)
- Must reside within 50 miles of the Washington, DC metro area (including Maryland and Virginia)
- Must be available to report onsite to DCAA Headquarters at Ft. Belvoir, VA, as needed
- Must be available to work after hours (nights/weekends for non-production activities), as required
Responsibilities
- Provide diverse Cybersecurity services that enforce, comply with, and support the DoD cybersecurity directives, policies and procedures.
- Provide Cybersecurity services that may include, but are not limited to, policy development; security technical assessment; insider threat assessment; security architecture development; security engineering; certification and accreditation; security compliance, audit, assessment, and reporting services; inspection services in accordance with DOD Directives; vulnerability assessment and management; metrics consolidation and reporting; computer network defense (CND) operations, monitoring, and analysis; cybersecurity and IT systems and tools administration and maintenance; incident response, tracking, and resolution; cross-domain solutions support.
- Responsible for developing dashboards and running ad-hoc, daily, weekly and monthly reports.
- Responsible for notifying leadership of potential issues pertaining to the Splunk environment.
- Responsible for documenting hardware and software configurations and keeping them up to date.
- Knowledge of Splunk systems maintenance, indexes and data retention.
- Knowledge of Splunk systems architecture design and implementation.
- Knowledge of syslog servers and syslog-ng administration.
- Responsible for maintaining a small Red Hat Enterprise Linux environment (RHEL 8).
- Knowledge of Red Hat licensing, subscriptions, entitlements and activation.
- Knowledge of monitoring and maintaining resources for virtual servers on a VMware infrastructure.
- Identify, analyze, define, develop, coordinate, implement and audit the security policies, procedures and processes for the DCAA systems and infrastructure.
- Evaluate, document, and report IT systems security posture and configuration for DCAA systems risk analysis.
- Utilize ACAS and Splunk to produce vulnerability management reporting for DCAA systems to aid in compliance with DoD Information Assurance Vulnerability Management (IAVM) policy.
- Provide guidance on remediation steps to close any identified vulnerabilities and minimize the agency’s attack footprint.
- Support Cybersecurity Operations, as required, to develop monitoring, response and handling procedures for intrusion and malicious code incidents. Tasks include conducting, supporting and coordinating network intrusion detection events and analysis.
- Monitor, respond to, and report computer security events for DCAA Endpoint Security Solutions (ESS). DCAA currently utilizes Trellix ePolicy Orchestrator and its suite of host-based products. The current security systems and tools may change as technology trends change and/or as Government needs or mandates require.
- Investigate, categorize, respond to, and mitigate events/incidents in accordance with the DCAA Incident Response Plan and procedures. Level 2 Service Provider personnel must perform the following tasks and make every effort to meet the SLA requirements as set by the priority level of the incident.
- Document all changes, following up with a change request (CR), as required.
- Develop Standard Operating Procedures (SOPs) pertaining to Trellix ESS, Tenable/ACAS, Splunk and Red Hat environments.
Preferred Qualifications
- 5 years of progressive experience in continuous monitoring, analyzing incidents and handling incident response tool sets.
- Splunk Certification (i.e., Splunk Certified Administrator, Splunk Architect)
- Red Hat Certified System Administrator (RHCSA)
- VMware knowledge
- Knowledge of Tenable Security Center