AboutWeb is seeking Intrusion Protection Specialists for support to an independent agency in Gwynn Oak, MD. This role is additional assistance to the Division of Information Systems Security and Operations, tasked with providing intrusion protection and vulnerability assessments of the Computer Communication Network. This protection and assessment occurs at various inter-dependent levels. Additionally, the team is tasked with providing remediation to security incidents through recommendation of immediate corrective actions to systems known to have any security weaknesses or vulnerabilities.
Support will strengthen such projects as:
- Intrusion Detection Sensor Deployment
- Network Behavior Analysis
- Network Penetration Testing and Planning
- Malware detection and prevention

Duties and Responsibilities by Sub-Task:
Task 1: Intrusion Protection and Vulnerability Assessments
- Provide advisement to management and adjacent staff related to Intrusion Protection and Vulnerability Assessments.
- Monitor IDS Sensors, infrastructure, and other monitoring tools based on a schedule defined by management.
- Monitor vulnerability scanning infrastructure based on management schedule.
- Evaluate Risk Models and provide feedback to technical contact.
- Perform ad-hoc scanning as defined by technical contact.

Task 2: Industry Awareness
- Provide advisement related to current industry awareness.
- Visit hacker, security related, other agencies, and anti-virus vendor websites as well as security related industry trade publications.
- Determine and document potential threats to systems based on this research.
- Determine and document vulnerabilities in systems based on this research.
- Recommend corrective action to systems known to have security weaknesses or vulnerabilities.
- Conceptualize red/blue team exercises as directed by technical contact.

Task 3: Evaluate Security Standards
- Provide advisement on evaluating the security standards in use.
- Stay abreast of various security policies, procedures, and philosophies from multiple components.

Task 4: Distinguishing Network Traffic from Authentic Intrusion Attempts
- Provide advisement on distinguishing non-threatening network traffic from authentic intrusion attempts.
- On a daily basis, review data from firewall monitors such as web server, firewall logs, and other data sources that contain information on external or internal intrusion attempts.
- Filter out non-threatening network traffic. This task is on-going and performed at the direction of the technical contact.
- Validate proper system settings and the application of the current version of system patches. This task is on-going and performed at the direction of the technical contact.
- Determine if sensitive information can be obtained from employees.
Qualifications and Knowledge Requirements:
- Bachelor's degree in a related field
- Ten (10) years of technically related experience
- Security Certifications: CISSP, CEH, or Security+ are strongly preferred
- Knowledge of ArcSight: A MUST have, ideally with rule and content writing
- Knowledge of Incident Response and remediation techniques
- Knowledge of supporting a proxy server infrastructure (BlueCoat Proxy, BlueCoat AV)
- Solid understanding of performing risk and vulnerability assessments
- Security background in large enterprise environments is key
- Knowledge of VMware (vCenter Server)
- Knowledge of security tools and scanners such as: Snort, Dragon, NetWitness, and Sourcefire 3D (strong plus)

Please send all resumes with salary requirements to email@example.com for immediate consideration.