Intrusion Detection Engineer

Location: Washington, DC
Date Posted: 11-20-2017
We are seeking an Intrusion Detection Engineer for a full time opening in Washington, DC. All applicants must be U.S Citizens with an active Top Secret Clearance and the ability to obtain a Q/SCI.
  • Serve as the Cyber Operator responsible for managing indicator and signature development and sharing across our networks as well as other communities.
  • Perform technical security activities to include:
    • Manage Intrusion Detection Systems.
    • Work with National Cyber Centers to auto mate signature sharing.
    • Work with local resources to develop and write new signatures.
    • Assess deployment of existing capabilities to reduce gaps.
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
  • Assist the watch in the evaluation of alerts when triggered.
  • Principle interface to IC-SCC with respect to indicators and signatures of all cyber related events.
  • Comment on new ODNI/NIST standards / regulations as applies to client environment
  • Employ best practices when implementing security requirements within an information system. 
  • Participate in DOE Indicator Sharing Working Group.
  • May serve as a technical team or task leader.
  • Maintains current knowledge of relevant technology as assigned.
  • Respond to cyber incidents as defined in DOE-IN Incident Response and local SOP.
  • Participates in special projects as required
  • Desired Candidates have CISSP or other security certification.
  • Experience with Snort/Sourcefire.
  • Candidates must have the following experience and knowledge:
  • Knowledge of the IC, and national level system security initiatives and secure Information/Local Area Network (LAN)/Wide Area Network (WAN) technologies.
  • Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
  • Possess the ability to communicate in written and oral form.  Publication or presentation experiences a plus.
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
  • Candidate will be a Proactive Self Starter
  • Candidate will Require Little to No Immediate Supervision or Day to Day Tasking
  • Candidate will Possess Excellent Decision Making Skills.
  • Candidate will Demonstrate Flexibility and Possess the Willingness to Support Shift Work if Needed.
  • Candidate will Possess Excellent ability to Collaborate as a Team and Possess Excellent Interpersonal Skills.
  • Candidate will Possess Excellent Oral and Written Communication Skills and be able to Interact with Senior Levels of Management.
  • Possesses experience supporting the Intelligence Community (IC)
  • Experience with FireEye Orchestrator, Carbon Black or other signature deployment tools.
  • Experience with supporting the Joint Worldwide Intelligence System (JWICS).
  • Knowledge of cloud architecture.
  • Knowledge of virtualization capabilities.
 Must possess an active TS clearance (SCI preferred) and ability to obtain a Q/SCI clearance. To ensure Q clearances are processed in a timely manner (3-6 months), candidates must be natural born citizens. It is recommended not to consider candidates with immediate family members that are not natural born citizens as the processing time will likely exceed 6 months. Immediate family members include parents, siblings, spouse/partner, children.
this job portal is powered by CATS