CND Security Engineer - Active TS/SCI Required! ( R-00074880 )
Looking for an opportunity to make an impact?
At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.
Are your ready for your next challenge?
We are in search for a Computer Network Defense (CND) Security Engineer - Active TS/SCI Required to work at our customer site at the National Maritime Intelligence Center, Suitland, MD. In this role you will provide operations, engineering, and technical support services and associated supplies to support certain Amazon Web Services resources, Red Hat Enterprise Linux servers, Splunk software, Python scripting language, REGEX parsing, and .xml presentation format development, architecture, administration, and Risk Management Framework (RMF) requirements and operations of the Hopper ISC CYBERDEP Security Information Event Management and NAVINTEL Enterprise Audit Capability (SIEM/NEAP).
Note: To be considered, must have an active Top Secret/SCI clearance
The Hopper Information Services Center (ISC) is an IT service provider for the Office of Naval Intelligence (ONI) and for 70+ Navy Intelligence Community (IC) ashore organizations across the globe with the mission to deploy and operate classified information systems, networks, communications systems, and cybersecurity capabilities. Within Hopper ISC, the Cybersecurity Department (CYBRDEP) is comprised of four divisions (Defensive Cybersecurity Operations [N62], Cybersecurity Mission Operations [N63], Assessment & Validation [N64], and Cybersecurity Engineering [N66]), and these divisions collectively secure, protect, assess, and monitor fielded Information Technology (IT) capabilities against a full range of internal and external threats.
Security Information Event Management (SIEM) platforms support threat detection, compliance, and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities (such as incident management, dashboards, and reporting). Enterprise Audit is an activity that “provides authorized personnel with the ability to review and examine any action that can potentially cause access to, generation of, or affect the release of classified or sensitive information.”
If this sounds like the kind of environment where you can thrive, keep reading!
THE CHALLENGE (primary responsibilities)
* Provide assistance and direction to the Hopper Information Services Center in deploying, developing, maintaining, operating, administering, and supporting the technology capable of SIEM ingest and display as well as automating auditing in accordance with ICS-500-27 to identify, record, and report anomalous user activities that might be indicative of potential compromises of classified or sensitive information.
* Act as the subject matter expert (SME) in a Security Engineer capacity and participate in meetings, working groups, system demonstrations, and conferences in support of the effort. Consider and present various alternatives for implementation including identification and prioritization of resource requirements, the cost for additional tools, timeframe for implementation, and risks.
* Coordinate across IT domains and multiple teams (internal and external) and influence Hopper ISC regarding solution design, process and/or approaches to ensuring all SIEM and EAC systems are up-to-date, working efficiently and ensure all mission requirements are met.
* Build, configure, implement, develop, and maintain the NAVINTEL Enterprise Audit Capability (EAC), which currently consists of Splunk Enterprise, Splunk Enterprise Security, and a Filtered Audit Data (FAD) Distribution Point (DP) to support both the transmitting and receiving of audit data to and from the EAC.
* Implement custom integrated case management and workflows within Splunk Enterprise Security to identify, categorize, and if needed, escalate events of interest and manage event data streams flowing into the EAC.
* Implement Network and Asset Models to support audit community groups with applicable views to allow for the analysis of audit data specific to a group’s mission area and configure audit notification and alerts in accordance with defined thresholds and severity levels.
* Provide documentation to support the design, development, integration, configuration, installation, administration, operations, security assessment, and authorization, and disaster recovery of the EAC.
* Configure forwarders to properly configure/send log data to indexers information from NAVINTEL endpoint log file data of customer interest as well as audit event data according to CIM or a documented EAP schema.
* Perform, in support of real-time incident response, analysis of NAVINTEL endpoint log file data of customer interest as well as audit event data and alerts to configure dashboards and saved queries which would identify anomalous/suspicious activity, possible policy or security violations and the individuals responsible, and other network or systemic risks and vulnerabilities.
* Provide analysis and assessment results to the Government and make recommendations to resolve identified discrepancies, evaluating existing rule sets, and tuning, modifying, or developing existent/new search/dashboard/rule sets to achieve program objectives.
*Active TS/SCI clearance
*Must possess a CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH or CCSP
*An OS-specific (Linux) administration certification
*8+ years experience administering Splunk Enterprise, configuring Splunk Forwarders and Heavy Forwarders, and working with system administrators to install Universal Forwarders and configure .conf files to pick up logs from non-standard file locations.
*8+ years experience configuring and maintaining Splunk deployment servers to ensure customer log data is properly flowing in, creating indexes within Splunk, maintaining hot/warm/cold/frozen bucket health for target retention timeframes.
*8+ years experience installing, configuring, and utilizing Splunk Apps and Add-ons for various technologies within the Enterprise, working with system administrators to generate and ingest the proper data needed to make those Apps and Add-Ons work, and creating useful Splunk saved queries and dashboards based on customer input.
*5+ years or more experience administering Splunk Enterprise Security, formatting incoming log data to be indexed according to a documented .xml schema, making incoming log data CIM compliant, and formatting collected log data into a useful form for Splunk Enterprise security and other automated Audit/Anomaly Threat Detection technology.
*Experience configuring Splunk Universal Forwarders, Forwarders, and Heavy Forwarders, creating indexes within Splunk, formatting incoming log data to be indexed according to a documented schema, creating useful Splunk saved queries and dashboards based on customer input, and enhancing the use of log sources to conduct such work.
*Experience configuring and maintaining Splunk deployment servers to ensure customer log data is properly flowing in, creating indexes within Splunk, maintaining hot/warm/cold/frozen bucket health for target retention timeframes.
*Experience installing, configuring, and utilizing Splunk Apps and Add-ons for various technologies within the Enterprise, working with system administrators to generate and ingest the proper data needed to make those Apps and Add-Ons work, and creating useful Splunk saved queries and dashboards based on customer input.
*Experience administering Splunk Enterprise Security, formatting incoming log data to be indexed according to a documented .xml schema, making incoming log data CIM compliant, and formatting collected log data into a useful form for Splunk Enterprise security and other automated Audit/Anomaly Threat Detection technology.
*Demonstrable experience with integrating and analyzing multiple security-relevant data sources.
*Demonstrable experience in generating reports of such analysis, and briefing other team members and/or senior management on analytical findings.
Pay Range:Pay Range $74,750.00 - $115,000.00 - $155,250.00