Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret clearance is required.
This position is being opened in the Cybersecurity team, Office of IT Risk Management (ITRM), Office of the Chief Information Officer (OCIO), Federal Student Aid, Department of Education.
This position will serve as the liaison between FSA, the main Education CIO, supporting architecture working groups, and other SOC stakeholders.
This position will also serve as an advisor to the FSA CIO, and to senior management officials, on matters pertaining to the operation of the SOC. This position will manage various projects for the FSA SOC and, skill set permitting, may be called upon to provide assistance in the collection of security related intelligence or the remediation of security incidents.
The position’s primary duties include, but are not limited to:
- Serve as liaison between the FSA CIO and Education stakeholders.
- Identify operational issues within the SOC and make recommendations for the resolution.
- Organize and run regular meetings between the architecture teams to resolve issues and facilitate interoperation.
- Manage long-term projects which involve one or multiple organizations.
- Serve as a senior expert and consultant to the FSA SOC and to senior management officials regarding the operation of the SOC and the integration of the SOC into other IT programs.
- Advise other IT experts on issues pertaining to SOC operations and the technologies used by the SOC which include, but are not limited to, Intrusion Detection Sensors, Security Event Management systems, Anti-Virus systems, Content Filtering solutions, Firewalls, and Access Control Lists.
- Track the resolution of service requests made of the SOC by external organizations, or made by the SOC to external organizations. This includes following up on these tasks to ensure completion and reporting on their status to the SOC.
- Write drafts of memos and other official communications pertaining to the operation of the SOC for the program manager to review and submit to senior management officials.
Specifically, candidates must have experience with the following:
- 7+ years of experience in IT Security (may overlap the other experience qualifications)
- 5+ years of management experience (may overlap the other experience qualifications)
- 5+ years of experience working in or with a Security Operations Center (may overlap the other experience qualifications)
- Differences between signature-based and behavioral or anomaly-based NIDS
- Underlying technology behind HIDS and its benefit in a “defense-in-depth” strategy
- IDS tuning principles and concepts
- Trust zone configurations/examples
- Difference between packet-filter, stateful, and application-layer firewalls
- General conceptual knowledge of current technologies/hardware
- SPAN concepts as they relate to IDS monitoring
- Conceptual knowledge of LAN/WAN technologies (MPLS, Ethernet/Fiber speeds, VLANs, subnets, etc.)
- Conceptual knowledge of how these affect security posture and IDS monitoring
- Basic differences between encryption technologies (asymmetric vs. symmetric)
- Security Event Management –
  - Familiarity with Splunk ES
  - Knowledge of channels and filters with regard to tuning the SEM application for the analysts
  - Data feeds required to get a comprehensive view of the security posture of your networks (syslog, event logs, IDS, A/V, etc.)
- Storage solutions –
  - Conceptual understanding of types of storage (SAN, NAS, direct-attached)
- Knowledge of common security controls such as NIST guidance, FISMA controls, DoD controls, etc.
- One or more IT Security certifications (CISSP, GIACH, etc.) are preferred
- One or more Project Management certifications (PMP, CPM, etc.) are preferred
- Strong written and verbal communication skills