Splunk/Information Security Engineer - Sacramento, United States - iQuasar

    Description
    Benefits:

    401(k)

    401(k) matching

    Competitive salary

    Dental insurance

    Flexible schedule

    Health insurance

    Opportunity for advancement

    Paid time off

    Relocation bonus

    Training & development

    Title:
    Splunk/Information Security Engineer

    Location:
    Sacramento, CA

    Clearance:
    Secret and above

    Position Responsibilities:

    Responsible for using current information security technology disciplines and practices to ensure the confidentiality, integrity and availability of corporate information assets in accordance with established standards and procedures.

    Develops and maintains a knowledge base on the changing regulatory, threat, and technology landscapes in order to continually develop or maintain security policies and standards, and to ensure compliance throughout the organization.

    Provide computer network defense and information assurance for DMEA unclassified and classified secret IT networks to ensure confidentiality, integrity, and availability of DMEA information systems.

    Support, monitor, and provide analysis for all aspects of perimeter security including but not limited to Firewall and Intrusion Detection System (IDS)/Intrusion Prevention System (IPS).

    Support, maintain, patch, and update gateway e-mail security systems and encryption systems. Support, maintain, patch, and update antivirus and host-based security servers and client software. Administer, support, maintain, patch, and update web proxy and associated systems. Utilize all available monitoring systems to provide computer network defense. Provide Information Assurance (IA) support.

    At a minimum, the Information Security Engineer – Senior will be required to perform the following tasks:


    Design, install, configure, manage, and monitor large distributed/clustered Splunk Enterprise on-site and cloud-based implementations; create customized dashboards to demonstrate compliance with security controls.

    Maintain existing and, when required, create new SOPs in support of this objective. SOPs shall comply with DoD M and the current CND evaluator scoring matrix (currently ESM v9).

    Continuously monitor (ConMon) information systems


    Ensure all security incidents are identified and handled within established CND SLAs and that handling follows the DMEA Incident Handling Plan and CSSP Incident Handling Plan procedures.

    Manage internal and perimeter firewalls and IDS/IPS.


    Review and monitor firewall rules for networks at DMEA, identify issues and deficiencies, make corrections and advise management of possible incidents.

    Monitor and maintain policies on DMEA Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), including Wireless IDS.

    Provide packet capture analysis as needed using tools such as the Wireshark network protocol analyzer.

    Provide response and support for customer requests for temporary firewall rules and firewall, IDS, and IPS-related issues.

    Support, monitor, configure, and manage remote client VPN solutions.

    Track and maintain lists of open ports via the DoD Ports, Protocols, and Services Management registry.


    Support, maintain, and patch all associated cyber security systems including but not limited to Linux and Windows-based operating systems managed by DMEA.

    Review and configure system security posture IAW DISA STIG requirements and industry security best practices for system hardening.


    Review and monitor gateway e-mail security systems for networks at DMEA, identify issues and deficiencies, make corrections and advise management and federal leads of possible incidents, inappropriate use, and malicious domains.

    Monitor threat intelligence feeds for the latest email-borne threats.

    Identify email-based threats and malicious emails, and be able to write custom signatures to identify/alert/block email threats.

    Update Antivirus software supporting email security systems.

    Provide response and support for customer requests to release valid e-mails and other e-mail security issues.



    Provide system administration, review and monitor host-based security system server and host systems for networks at DMEA, identify issues and deficiencies, make corrections, and advise management and federal leads of possible incidents and malicious activity.


    Provide response and support for host-based security system software and virus incidents, address customer issues, and take corrective action to clean viruses and malicious software from affected systems.

    Provide host-based security system support to system administrators during troubleshooting efforts.

    Ensure compliance with DoD requirements as they pertain to host-based security systems.


    Review and monitor web content servers and systems, identify issues and deficiencies, collect and review information on malicious sites and update block lists, make corrections, and advise management and federal leads of possible incidents, malicious activity, and inappropriate use.

    Provide response and support to address customer issues related to blocked websites.

    Coordinate with DMEA and CSSP firewall personnel to set up IP blocks for malicious activity that warrants further action.


    Perform scans and analysis of servers, workstations, routers, switches, and all other devices connected to DMEA networks for compliance with federal, DoD, and USCYBERCOM requirements.

    Provide vulnerability reports to DMEA and CSSP as required to include current vulnerability reports and historical trends.

    Track and monitor IA Workforce Improvement Program (IAWIP) compliance.

    Maintain existing and, when required, create new SOPs in support of this objective.
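The firewall rule review and open-port tracking duties listed above (reviewing rules for issues and deficiencies, and keeping the list of open ports aligned with the DoD PPSM registry) are the kind of check that is worth automating. The script below is an added example, not code from this posting or from DMEA: it walks an ordered ruleset and flags catch-all allows, rules shadowed by an earlier catch-all, overly broad source or destination networks, wide port ranges, and allowed ports missing from an approved-ports set. The ruleset, the `APPROVED` set (a stand-in for a PPSM export) and the `BROAD_PREFIX`/`WIDE_PORT_SPAN` thresholds are all constructed placeholders.

```python
"""Firewall rule review with an approved-ports check.

Added example, not DMEA code. The ruleset, the APPROVED registry and the
thresholds are constructed placeholders standing in for a real policy and
a PPSM registry export.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    ports: str    # "443", "1024-65535" or "any"


# Constructed stand-in for the approved (protocol, port) registry.
APPROVED = {("tcp", 22), ("tcp", 25), ("tcp", 443), ("udp", 53)}

BROAD_PREFIX = 24       # a source/destination wider than /24 is "broad" (assumed threshold)
WIDE_PORT_SPAN = 100    # more ports than this in one rule is "wide" (assumed threshold)


def port_range(spec: str) -> tuple[int, int]:
    """'any' -> 1..65535, 'a-b' -> a..b, 'n' -> n..n."""
    if spec == "any":
        return 1, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)


def matches_everything(cidr: str) -> bool:
    """'any' or a /0 network matches every address."""
    return cidr == "any" or ip_network(cidr, strict=False).prefixlen == 0


def is_broad(cidr: str) -> bool:
    """'any' or a network shorter than BROAD_PREFIX counts as broad."""
    return cidr == "any" or ip_network(cidr, strict=False).prefixlen < BROAD_PREFIX


def review(rules: list[Rule], approved=APPROVED) -> list[tuple[str, str]]:
    """Return (rule name, finding) pairs; rules are evaluated in listed order."""
    findings = []
    catch_all = None   # name of the first allow that matches everything
    for r in rules:
        if catch_all is not None:
            # Anything after a catch-all allow can never be hit.
            findings.append((r.name, f"shadowed by catch-all rule {catch_all}"))
            continue
        if r.action != "allow":
            continue
        lo, hi = port_range(r.ports)
        if (matches_everything(r.src) and matches_everything(r.dst)
                and r.proto == "any" and (lo, hi) == (1, 65535)):
            findings.append((r.name, "catch-all allow"))
            catch_all = r.name
            continue
        if is_broad(r.src):
            findings.append((r.name, f"broad source {r.src}"))
        if is_broad(r.dst):
            findings.append((r.name, f"broad destination {r.dst}"))
        if hi - lo + 1 > WIDE_PORT_SPAN:
            findings.append((r.name, f"wide port range {r.ports}"))
            continue   # the range itself is the finding; skip per-port registry checks
        protos = ("tcp", "udp") if r.proto == "any" else (r.proto,)
        for proto in protos:
            for port in range(lo, hi + 1):
                if (proto, port) not in approved:
                    findings.append((r.name, f"unregistered {proto}/{port}"))
    return findings


# Constructed sample ruleset (not a real DMEA policy), in evaluation order.
SAMPLE_RULES = [
    Rule("web-in", "allow", "any", "10.20.0.0/24", "tcp", "443"),
    Rule("vendor-tmp", "allow", "0.0.0.0/0", "10.20.0.10/32", "tcp", "1024-65535"),
    Rule("dns-out", "allow", "10.20.0.0/24", "any", "udp", "53"),
    Rule("telnet-legacy", "allow", "10.30.0.0/8", "10.20.0.5/32", "tcp", "23"),
    Rule("permit-all", "allow", "any", "any", "any", "any"),
    Rule("deny-all", "deny", "any", "any", "any", "any"),
]


def findings_for(name: str, rules: list[Rule] = SAMPLE_RULES) -> list[str]:
    """Findings for one named rule, in the order review() produced them."""
    return [f for n, f in review(rules) if n == name]


if __name__ == "__main__":
    for rule_name, finding in review(SAMPLE_RULES):
        print(f"{rule_name:14s} {finding}")
```

The ordering check matters more than it looks: a temporary "permit-all" inserted for a customer request silently turns every later rule, including the final deny, into dead configuration, which is exactly the kind of deficiency the review duty above is meant to catch before it becomes an incident.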


    Position Qualifications:

    Education:
    Master of Arts or Master of Science


    Experience:
    Minimum of 10 years of experience


    Certifications:
    Must have one of the following Information Assurance Technical Level II (IAT II) certifications:

    Cisco Certified Network Associate (CCNA) – Security

    CompTIA Cybersecurity Analyst (CySA+)

    Global Industrial Cyber Security Professional (GICSP)

    Global Information Assurance Certification (GIAC) Security Essentials (GSEC)

    CompTIA Security+

    Certified Network Defender (CND)

    Systems Security Certified Practitioner (SSCP)

    Must possess the following computing environment certification(s):

    Certified Information Systems Security Professional (CISSP) (or Associate)

    Splunk Administrator

    The following computing environment certification(s) are desired:

    Cisco Certified Network Associate (CCNA) – Security

    Certified Cloud Security Professional (CCSP)

    Certified Information Security Manager (CISM)

    Certified Information Systems Auditor (CISA)

    VMware Certified Professional (VCP)

    Red Hat Certified Engineer (RHCE)
