Network Security Engineer to support the Missile Defense Agency Computer Emergency Response Team (CERT) on the JRDC program at Schriever AFB, CO.
Network Security Engineer to conduct Network Intrusion Detection (NID) monitoring on all Subscriber networks and maintain Situation Awareness (SA) of MDA-wide network monitoring. Collect security event audit log information from network security devices (e.g., firewalls, routers, switches, etc.) and mission critical servers and review the security event log information for anomalies and known attack patterns. Will develop/disseminate CND Alert and Notification messages to warn Subscribers and provide guidance or countermeasures to defend against the threat. The candidate will also review data originating from, or reflecting status of, ongoing intrusions or incidents and document the findings of apparent activities involved and any intrusive or damaging traffic leading to or from compromised hosts (as needed). Review/assess the cyber threat environment (including CIFC threat assessments) for MDA Subscriber network applicability and disseminate guidance to improve network defensive posture. Monitor the cyber threat environment and notify Subscriber networks of changes in the threat and recommend updates to network/system configurations/rule sets. Conduct system forensics analysis identified by the government by reviewing the contents of compromised systems, documenting unusual files and data, and/or identifying the tactics, techniques, and procedures used by an attacker to gain access. Preserve forensic chain of custody for evidence when required and notified by the Government PM/APM. The candidate will also develop, establish, review and update CND response procedures, Standard Operating Procedures, Internal Operating Processes, manuals, and other MDA Computer Emergency Response Team (CERT) documentation.
One of the following certifications is required: GCIA, CEH, Security+, GSEC, SCNP, SSCP or CISSP. Familiarity with CERT/CND security policies and procedures. Ability to provide security analysis and solutions in a WAN/LAN environment. Must be willing to work a mission critical shift which may include evenings, nights, holidays and weekends. Must be willing to travel on short notice. Travel requirements will usually not exceed two weeks on any given assignment.
Correlating security events across a WAN (ArcSight preferred). Operating vulnerability assessment tools (e.g. Retina, Nessus, HBSS, etc.). Ability to work as part of an integrated network operations and support team.
Experience: 10 years
Security: Top Secret