Job Description:
XOR Security is currently seeking a talented Security Engineer for a Federal Agency Security Operations Center (SOC). Our project is aimed at establishing cutting-edge techniques for network defense capability with an optimized toolset.
This effort will require a skilled engineer with leadership and hands-on technical experience designing, implementing, and maintaining enterprise SOC tools. The candidate will be expected to have familiarity performing analysis on the operational network and to be able to deliver recommendations on network segmentation and architectural improvements. The candidate will also ensure existing network infrastructure and configuration standards are adhered to when delivering projects. The candidate should be able to coordinate engineering and analysis efforts between network, incident response and management teams. The candidate must have a strong understanding of networking, analysis and cyber security system administration at an operating system and application level, as well as experience with cloud architecture.
Corporate duties such as solution/proposal development, corporate culture development, mentoring employees, and supporting recruiting efforts are also desired.
Position is contingent on successfully completing a program-based background investigation.
Position Roles and Responsibilities:
· Support a SOC engineering team for a 24x7x365 program (core hours with on-call as needed).
· Perform operations & maintenance duties for cyber security tools, including OS- and application-level upgrades, patching, tuning and configuration changes.
· Provide hands-on engineering support to install, configure, monitor, and troubleshoot cyber security solutions and related infrastructure and monitoring tools, including Security Information and Event Management (SIEM), EDR, endpoint protection, operating systems, L2/L3 network devices, Network Admission Control (NAC), 802.1x, Firewalls, IDS/IPS, VPN Solutions, Web Application Firewalls, Content Filtering, and NetFlow Analysis.
· Deploy, maintain, and support security infrastructure in both development and production environments, including on-prem and various cloud platforms.
· Provide technical consulting for enterprise security architecture.
· Evaluate new technologies and processes that enhance security capabilities.
· Test security solutions using industry standard analysis criteria and deliver findings reports with Analysis of Alternatives.
· Develop network architectures, diagrams, security plans, and supporting information assurance documentation.
· Troubleshoot problems and provide customer support (core hours and on-call) for software, operating systems, middleware and application issues.
· Design and stand up security tools, components, applications, and servers that meet production specifications and project schedules, in coordination with supporting teams and government leadership.
· Participate and lead large system and subsystem planning and integration projects.
· Write and update technical documentation such as user manuals, system documentation, and training materials.
· Identify solutions to potential network issues; embrace network simplification and strengthened security.
· Lead problem management and root cause analysis discussions with fellow network engineers, security engineers and analysts.
· Support the Security Impact Analysis (SIA), an analysis that is conducted by the security team to review the extent to which changes to the information system will affect the security state of the system.
· Provide process improvements and cyber security tool enhancements.
· Subset of tools and platforms in scope for O&M Support:
o SIEM
o Endpoint Protection
o Vulnerability Scanning
o SOAR
o Endpoint Detection & Response
o Packet Capture
o Windows & Linux operating systems
Required Qualifications:
· Mid-Level Engineer: Minimum 3 years of experience with network systems engineering, systems development, and security engineering.
· Bachelor's Degree in Computer Science, Computer Engineering, or Information Systems.
· Strong working knowledge of Security Services, Networking, Security Policy and Consulting.
· Advanced working knowledge of encryption algorithms, secure communications, SIEM technologies, embedded systems security; advanced working knowledge of network and data communication protocols.
· Familiarity with standard concepts, practices, and procedures within a particular field such as NIST, FISMA and Common Criteria regulations and standards.
· Experience with Network and Host based IDS/IPS technologies and affiliated modes of operation.
· Experience responding to information security issues during each stage of a project's lifecycle, including supervising changes in software, hardware, facilities, telecommunications and user needs; using interpersonal skills to interact with customers and team members; strong written and oral communication; strong diagnosis and troubleshooting skills; ability to solve complex technical problems; and ability to learn and support new systems and applications.
· Experience administering hardware, software, operating systems, and application components of various isolated network environments. These components include Windows workstations/servers, Linux/Unix servers, Mac OSX, Dell, and security applications.
· Strong background in network engineering and systems administration with the ability to maintain systems with 99% uptime requirements (including on-call and weekend support if required).
· Experience with the configuration and installation of log management solutions, Dynamic/Static Malware Analysis systems, enterprise honeynet technologies, and Network/host-based security applications and appliances.
· Experience with deployment and documentation of enterprise project management and change management processes.
· Experience with the configuration, installation (including hardware & virtual deployments), or O&M of one or more of the following technologies: Network Threat Hunting, Log Management, CrowdStrike Endpoint Detection and Response (EDR), SIEM (Splunk, QRadar, Sentinel), workflow and ticketing, Intrusion Detection/Prevention Systems, Vulnerability Management (Tenable, Nessus, DbProtect), *NIX/Windows Operating Systems, and virtual and cloud computing (VMware, Azure, AWS, GCP).
· Draft technical requirements, configuration management, and planning documentation.
Desired Qualifications:
· Experience with O&M support in the tools listed in scope (see position roles and responsibilities).
· Experience with deploying & managing systems in the Cloud and leveraging cloud service offerings.
· Experience with Docker (managing containers, networking containers, container orchestration).
· Experience with authentication solutions (RSA, Okta).
· Automation experience to support CI/CD pipelines (tools such as Ansible, Chef, Puppet).
· Strong Linux background with proficiency in CLI configuration, troubleshooting and remediating performance issues.
· Understanding of command line scripting and implementation (e.g., Python, PowerShell).
· Strong understanding of networking. (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS).
· Ability to perform Netflow / packet capture (PCAP) analysis.
· Enthusiastic and eager to support and lead numerous tasks concurrently, able to set own agenda, and effectively manage time and prioritization of work.
· Ability to work independently to drive results while also supporting team members and accomplishing overarching program solutions.
· One or more of the following certifications: CISSP, CISSP-ISSEP, Security+, Network+, GCUX, GCLD, GPCS, GCSA, GWEB, GDSA, GCED, GCDA, GCWN, GSEC, AWS Certified Cloud Practitioner, AWS Certified Solution Architect Associate, AWS Certified Developer Associate, AWS Certified SysOps Associate, AWS Certified Advanced Networking – Specialty, AWS Certified Solution Architect Professional, AWS Certified Data Analytics – Specialty, AWS Certified Specialty - Machine Learning, AWS Certified DevOps Engineer – Professional, AWS Certified Security – Specialty, Microsoft Certified: Azure Fundamentals, Microsoft Certified: Azure Administrator Associate, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Developer Associate, Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Data Scientist Associate, Microsoft Certified: Data Engineer Associate, Microsoft Certified: Azure DevOps Engineer – Expert.
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement:
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.