Detection Incident Handler - Sterling, United States - V2X

Description

• Senior level opportunity for someone very experienced with Security Operations Centers (SOCs), Incident Management, Detection Engineering and Threat Hunting
• Participates with development, maintenance, and testing of security alerts covering a wide range of operating systems, services, and applications
• Analyze, triage and lead security incidents
• Develop and present performance reports and metrics
• Provide a technical resource and escalation point for Tier 1 and Tier 2 analysts
• Performs activities including planning, providing technical leadership, and tracking projects and key task dates
• Uses security monitoring tools to investigate, respond to, and recommend appropriate corrective actions for data security incidents
• Produce high quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to senior management
• Develops and assists in maintenance of standard operating procedures to ensure security is in compliance with policies and standards

Minimum Qualifications:

• Active Secret clearance. Must be able to obtain a TS/SCI clearance
• Must be able to obtain DHS Suitability
• 8 years of experience engineering, operating, or managing layered security and SIEM integration for on premise or cloud/private cloud environment.
• 2+ years of Tier 3 incident handler experience in cloud and/or on-premise environment
• Minimum 2 years of professional experience working with AWS or Azure infrastructure, services in a security focused role.
• Advanced knowledge of AWS & Azure architectural concepts and guardrails.
• Experience engineering, operating, and managing layered security and SIEM integration
• Demonstrated experience handling incidents across multiple operating systems
• Excellent written and oral communication skills

Education / Certifications:

• A bachelor's degree in systems engineering, a related specialized area or field. Two years of related work experience may be substituted for each year of degree level education

Desired Certifications:

• DoDI M IAT Level II Technical Certification (Security+ CE, CCNA + Security, SSCP, CYSA) or equivalent AND an Incident Reporter Certification (CEH, GCIH, GCIA, GNFA, or comparable certification)

Experience / Skills:

Desired Skills:

• Information Security and IT certifications: Cisco, Red Hat, AWS, etc.
• Experience administering cyber security tools such as Firewalls, SIEM, and PCAP
• Virtualization technologies, e.g. VMWare, HyperV, etc.
• Scripting in Python or Perl
• Experience operating AWS Guard Duty, AWS Watchdog, Azure Defender and Azure Sentinel.
• Solid understanding of the different file structures, computer architecture, and operating system functions, sufficient to administer and troubleshoot Windows and *nix systems. Candidate must be prepared to demonstrate that they understand common indicators of compromise and where to find evidence of compromise (example: abnormal process, files, network connections, abnormal log entries, etc.) as part of an in-depth collaborative investigation process.

We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.

Minimum Qualifications:

• Active Secret clearance. Must be able to obtain a TS/SCI clearance
• Must be able to obtain DHS Suitability
• 8 years of experience engineering, operating, or managing layered security and SIEM integration for on premise or cloud/private cloud environment.
• 2+ years of Tier 3 incident handler experience in cloud and/or on-premise environment
• Minimum 2 years of professional experience working with AWS or Azure infrastructure, services in a security focused role.
• Advanced knowledge of AWS & Azure architectural concepts and guardrails.
• Experience engineering, operating, and managing layered security and SIEM integration
• Demonstrated experience handling incidents across multiple operating systems
• Excellent written and oral communication skills

Education / Certifications:

• A bachelor's degree in systems engineering, a related specialized area or field. Two years of related work experience may be substituted for each year of degree level education

Desired Certifications:

• DoDI M IAT Level II Technical Certification (Security+ CE, CCNA + Security, SSCP, CYSA) or equivalent AND an Incident Reporter Certification (CEH, GCIH, GCIA, GNFA, or comparable certification)

Experience / Skills:

Desired Skills:

• Information Security and IT certifications: Cisco, Red Hat, AWS, etc.
• Experience administering cyber security tools such as Firewalls, SIEM, and PCAP
• Virtualization technologies, e.g. VMWare, HyperV, etc.
• Scripting in Python or Perl
• Experience operating AWS Guard Duty, AWS Watchdog, Azure Defender and Azure Sentinel.
• Solid understanding of the different file structures, computer architecture, and operating system functions, sufficient to administer and troubleshoot Windows and *nix systems. Candidate must be prepared to demonstrate that they understand common indicators of compromise and where to find evidence of compromise (example: abnormal process, files, network connections, abnormal log entries, etc.) as part of an in-depth collaborative investigation process.

We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.

• Senior level opportunity for someone very experienced with Security Operations Centers (SOCs), Incident Management, Detection Engineering and Threat Hunting
• Participates with development, maintenance, and testing of security alerts covering a wide range of operating systems, services, and applications
• Analyze, triage and lead security incidents
• Develop and present performance reports and metrics
• Provide a technical resource and escalation point for Tier 1 and Tier 2 analysts
• Performs activities including planning, providing technical leadership, and tracking projects and key task dates
• Uses security monitoring tools to investigate, respond to, and recommend appropriate corrective actions for data security incidents
• Produce high quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to senior management
• Develops and assists in maintenance of standard operating procedures to ensure security is in compliance with policies and standards