Cyber Security Network Auditor

17 Jun 2024
Dayton / Springfield, Ohio 45433, USA

Vacancy expired!

Description

Job Description:

The Enterprise & Cyber Solutions Operation is hiring a Cyber Security Network Auditor to support the National Air and Space Intelligence Center at Wright-Patterson Air Force Base, Ohio. An active TS/SCI is required; all work is onsite.

Primary Responsibilities

  • Work with and lead Cybersecurity personnel to install, configure, and deploy Elastic Stack across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.
  • Develop and document procedures/policies in order for NASIC to be compliant with auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data). Provide technical support for any possible investigations and inquiries that may result from any misuse of information resources.
  • Maintain and expand (as necessary) NASIC's auditing solution (currently Elasticsearch, Logstash, Beats, and Kibana) across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.
  • Develop and document procedures/policies for NASIC to be compliant with auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data). Provide technical support for any possible investigations and inquiries that may result from any misuse of information resources.
  • Utilize Security Information and Event Management (SIEM) software products, such as the Elastic Stack, to create custom queries, searches, alerts, and dashboards.
  • Identify and evaluate anomalous and suspicious system and network activity, detect and assess network intrusions and malware behavior by incorporating, monitoring, and analyzing event logs across numerous device types (TCP/IP, packet analysis, Windows logs, syslogs).
  • Utilize SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.
  • Identify coverage and efficiency gaps in security data and tooling.
  • Notify Government Technical Monitor (GTM) of network intrusions and suspicious and anomalous events, and provide details as required within 1 business day of detection.
  • Provide detailed operating process and training for items related to network monitoring.
  • Participate in incident response and manage escalations as needed.
  • Monitor metrics and trend data related to network monitoring.
  • Provide monthly functional area reports summarizing work accomplished, work planned for the next month, and important issues occurring during the month.

Basic Qualifications
  • Active TS/SCI clearance
  • Possess and maintain Information Assurance Management (IAM) Level I certification
  • 3+ years of experience operating or maintaining a SIEM solution such as the Elastic Stack, ArcSight, or Splunk
  • Requires a high school diploma or equivalent and 5+ years of prior relevant experience.


Preferred Qualifications
  • Experience utilizing SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.


External Referral Bonus:
Ineligible

Potential for Telework:
No

Clearance Level Required:
Top Secret/SCI

Travel:
Yes, 10% of the time

Scheduled Weekly Hours:
40

Shift:
Day

Requisition Category:
Professional

Job Family:
Cyber Security

Pay Range:
