Cyber Security Network Auditor ( R-00051023 )
The Enterprise & Cyber Solutions Operation is hiring a Cyber Security Network Auditor to support the National Air and Space Intelligence Center at Wright-Patterson Air Force Base, Ohio. An active TS/SCI is required; all work is onsite.
- Work with and lead Cybersecurity personnel to install, configure, and deploy Elastic Stack across NASIC’s Cornerstone Networks, in support of the IC and AF auditing requirements.
- Develop and document procedures/policies in order for NASIC to be compliant with auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data). Provide technical support for any possible investigations and inquiries which may result from any misuse of information resources.
- Maintain and expand (as necessary) NASIC’s auditing solution (currently Elasticsearch, Logstash, Beats, and Kibana) across NASIC’s Cornerstone Networks, in support of the IC and AF auditing requirements.
- Utilize Security Information and Event Management (SIEM) software products, such as the Elastic Stack, to create custom queries, searches, alerts, and dashboards.
- Identify and evaluate anomalous and suspicious system and network activity, detect and assess network intrusions and malware behavior by incorporating, monitoring, and analyzing event logs across numerous device types (TCP/IP, packet analysis, Windows logs, syslogs).
- Utilize SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.
- Identify coverage and efficiency gaps in security data and tooling.
- Notify Government Technical Monitor (GTM) of network intrusions and suspicious and anomalous events, and provide details as required within 1 business day of detection.
- Provide detailed operating process and training for items related to network monitoring.
- Participate in incident response and manage escalations as needed.
- Monitor metrics and trend data related to network monitoring.
- Provide monthly functional area reports summarizing work accomplished, work planned for the next month, and important issues occurring during the month.
- Active TS/SCI clearance
- Possess and maintain Information Assurance Management (IAM) Level I certification
- 3+ years of experience operating or maintaining a SIEM solution such as the Elastic Stack, ArcSight, or Splunk
- Requires a high school diploma or equivalent and 5+ years of prior relevant experience.
- Experience utilizing SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.