The successful candidate must be well-versed in security operations, cybersecurity tools, intrusion detection, and secured networks. You will be responsible for coordinating resources across the VA enterprise and consolidating log data into a centralized repository (Splunk), where it will be correlated, analyzed and enriched by other threat analysts to identify Indicators of Compromise (IOCs), Advanced Persistent Threat (APT) activity and other unauthorized activities on the VA network.
- Provide proactive event monitoring, event management and configuration of the following security tools for targeted threats and malicious activity, including but not limited to: Splunk, Palo Alto Networks, McAfee ePO, Cisco IronPort, NetScout, Sourcefire Defense Center and BigFix
- Determine if an event meets the criteria for additional cyber hunt investigation and/or constitutes a security incident subject to investigation, and notify the team lead or designate within 15 minutes
- Review audit logs and identify any unusual or suspect behavior
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Develop and execute custom scripts to identify host-based indicators of compromise
- Provide advanced technical capabilities to senior leadership, including Big Data Analytics, and Predictive Intelligence
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
- Support the incident response process by providing advanced analysis services when requested, including recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)
Mandatory Qualifications (Education, Certifications, Experience, Skills)
- Competency: Senior Specialist/SME
- Knowledge: Expert knowledge in specialized functions. Exhaustive understanding of both general and specific aspects of the job and its application.
- Problem Solving: Works on unusually complex technical problems and provides solutions which are highly innovative and ingenious.
- Supervision: Work is unsupervised and assignments are often self-initiated. Work checked through consultation and agreement with client rather than by formal review of superior. May supervise others.
- Education / Experience: Bachelor’s degree (or Associate’s degree & 2 years relevant experience) with professional certifications, such as CISSP, GREM, or GCIH. Minimum of 6 years information technologies; minimum of 4 years advanced Cyber Threat Information experience. 4 years of relevant experience with professional certifications, such as CISSP, GREM, or GCIH
- PWS Specified Certifications: Must have at least one of the following certifications or be able to obtain it in the first 120 days of hire: Certified Ethical Hacker (CEH); Certified Information Systems Auditor (CISA); GIAC Systems and Network Auditor (GSNA); GIAC Certified Incident Handler (GCIH); CERT - Certified Computer Security Incident Handler (CSIH); Splunk Certified Knowledge Manager; Splunk Certified Admin; Splunk Certified Architect
- Background Investigation: Must be able to pass and maintain a Government Background Investigation
Job ID 2017-5623