
Job Details


Leidos

Cyber Security Network Auditor ( R-00051023 )

Law Enforcement and Security

Diplomatic Security

Yearly

No

Dayton, Ohio, United States

Description

Job Description:

The Enterprise & Cyber Solutions Operation is hiring a Cyber Security Network Auditor to support the National Air and Space Intelligence Center at Wright-Patterson Air Force Base, Ohio. An active TS/SCI is required; all work is onsite.

Primary Responsibilities

  • Work with and lead Cybersecurity personnel to install, configure, and deploy the Elastic Stack across NASIC's Cornerstone Networks, in support of IC and AF auditing requirements.
  • Develop and document procedures/policies so that NASIC complies with auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data). Provide technical support for any investigations and inquiries that may result from misuse of information resources.
  • Maintain and expand (as necessary) NASIC's auditing solution (currently Elasticsearch, Logstash, Beats, and Kibana) across NASIC's Cornerstone Networks, in support of IC and AF auditing requirements.
  • Utilize Security Information and Event Management (SIEM) software products, such as the Elastic Stack, to create custom queries, searches, alerts, and dashboards.
  • Identify and evaluate anomalous and suspicious system and network activity; detect and assess network intrusions and malware behavior by collecting, monitoring, and analyzing event logs across numerous device types (TCP/IP, packet analysis, Windows logs, syslog).
  • Utilize SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.
  • Identify coverage and efficiency gaps in security data and tooling.
  • Notify Government Technical Monitor (GTM) of network intrusions and suspicious and anomalous events, and provide details as required within 1 business day of detection.
  • Provide detailed operating process and training for items related to network monitoring.
  • Participate in incident response and manage escalations as needed.
  • Monitor metrics and trend data related to network monitoring.
  • Provide monthly functional area reports summarizing work accomplished, work planned for the next month, and important issues that occurred during the month.

Basic Qualifications

  • Active TS/SCI clearance
  • Possess and maintain Information Assurance Management (IAM) Level I certification
  • 3+ years' experience operating or maintaining a SIEM solution such as the Elastic Stack, ArcSight, or Splunk
  • Requires a high school diploma or equivalent and 5+ years of prior relevant experience.

Preferred Qualifications

  • Experience utilizing SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.

External Referral Bonus: Ineligible

Potential for Telework: No

Clearance Level Required: Top Secret/SCI

Travel: Yes, 10% of the time

Scheduled Weekly Hours: 40

Shift: Day

Requisition Category: Professional

Job Family: Cyber Security

Pay Range: