Job Title: Senior System Engineer (Sensor Management)
Locations: Washington, DC; Martinsburg, WVA; Hines, IL; Austin, TX; Arlington, TX
Serves as the Lead System Engineer for Veterans Affairs on a program providing
active monitoring and real-time analysis of the VA Enterprise network for suspicious activity,
along with security event and incident monitoring support, sensor management support, incident
analysis support, technical analysis support, and security analysis support, covering over 45 million
weekly security events on 400,000 workstations; 350,000 users; over 500 network security appliances;
and 25,000 servers, 24x7x365. The EOCS staff consists of 32 contractor personnel at three
geographical locations providing 24 hours/day, 7 days/week, 365 days/year support to the
Network Security Operation Center (NSOC).
The NSOC provides a service to the VA that ensures that VA's response to computer security-related
incidents is both timely and efficient. Its goals are to recognize unauthorized activities, assess the damage
that results from those activities, prevent widespread system contamination, and provide cost-effective
recovery services. This capability minimizes both the likelihood and impact of the risk and reduces the
cost of recovery through early detection and response. Computer security incidents may include computer
viruses, unauthorized user activity, and denial-of-service attacks that compromise the integrity and
availability of VA systems.
This position provides Sensor Management support across the Veterans Affairs' enterprise network. The
Senior System Engineer is responsible for monitoring, responding, identifying, and resolving short-term
Sensor Management to the Enterprise Network Defense (END) Teams. The Senior System Engineer
must be able to develop and implement long-term proactive support to the VA's Network Specialists,
WAN managers, and Information Security Officers.
Responsibilities also include, but are not limited to:
Network and security device monitoring, network and security device administration and management, security event correlation, audit log management, access control, NIPS/HIPS installation and support, incident response, ticket management, and creating queries for the Security Monitoring And Response Team (SMART) and Incident Handling (IH) Teams, as well as providing tuning recommendations, i.e., Intrusion Prevention Systems (IPS), Host Intrusion Protection Systems (HIPS), U.S. CERT analysis,
and signature development. Additional duties include managing and maintaining a knowledge base
along with monitoring configuration changes.
Requires BS/BA or equivalent experience from an accredited college and 7 to 10 years of
progressively more responsible, full-time, satisfactory experience working in a government
Minimum of 7-10 years as an innovative technical professional, customer service oriented, and
highly knowledgeable engineer in the field of Network and Security Engineering with experience
in a Network Security Operations Center (NSOC) environment.
The ideal candidate must have comprehensive IT experience including support of VPN technology,
intrusion detection, prevention, incident response/recovery, and antivirus support; strong understanding of
Windows and IP networking. In addition, we prefer candidates with 7-10 years of hands-on experience
using Splunk, Sourcefire, IBM Site Protector, and Palo Alto. Windows Servers - The candidate must
have expert knowledge of Windows Server environment and be able to operate within the Windows GUI
Linux+ Certification (Linux Servers - Most IPS sensors run on top of a version of Linux. The
understanding of and ability to navigate the Linux command line interface would be very
SANS GIAC Certified Intrusion Analyst (GCIA)
SANS GCIH Certified Incident Handler (GCIH)
Certified Ethical Hacker (CEH)
Certified Network Defense Architect (CNDA)
Cisco Certified Network Associate (CCNA)
PMP - Project Management (desired)
PuTTY (used to establish SSH connections to Sensors for management)
Ping/Traceroute (basic DOS tool for determining link status between network devices with IP addresses)
SolarWinds - Equipment status monitoring tool
Systems Engineering Experience:
Windows Servers - The candidate must have general understanding of the Windows Server environment
and be able to operate within the Windows GUI environment.
Linux Servers - Most IPS sensors run on top of a version of Linux. The understanding of and ability to
navigate the Linux command line interface would be very helpful.
SANs - storage
Network Engineering/Systems Engineering background:
This candidate should express basic understanding of IP subnetting, VLANs, and the roles of various
Candidate should possess extensive and diverse IT based security related experience directly related to the
capabilities, management, configuration, planning and installation of a broad range of NIPS and IDS
equipment and tools.
Verbal Communications Skills - Conference call facilitation (must have better than average verbal and
written communication skills, must be able to technically, professionally, and casually interact with NDC
team members, Vendor Support Representatives, and Government Full-Time Employees (FTE) leads).
Written Communications Skills - Ability to write a variety of Operations, Equipment and Manuals
(OE&M) to include Standard Operating Procedures (SOPs) and After Action Reports (AAR). This
candidate needs to have a situational awareness to recognize when to take notes and provide summaries
that benefit the team as a whole during learning opportunities/troubleshooting collaboration/and planning
US citizenship required. Must be able to pass a background check and obtain a Public Trust - High/BI clearance.