Cybersecurity Engineer; Linux

Overview

Type of Requisition: Regular

Clearance Level Must Currently Possess: Top Secret/SCI

Clearance Level Must Be Able to Obtain: Top Secret/SCI

Public Trust/Other

Required:

None

Job Family: Cyber and IT Risk Management

Skills: Cybersecurity, Endpoint Security, Linux, Splunk Enterprise Security

Certifications: None

Experience: 8 + years of related experience

US Citizenship

Required:

Yes

Description: We are seeking a highly skilled and multi-faceted Cyber Engineer for a critical contract role supporting Google's SIPRNet enclave. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating Red Hat Linux, the NIST 800-53 Risk Management Framework (RMF) control requirements, and Security Operations for a classified network in a unique commercial cloud setting. This role requires a blend of technical engineering prowess to provide Security Operations support as well as a deep understanding of continuous monitoring control requirements to prepare for security assessments and auditing.

You will be a key contributor to our SIPR Enclave team, supporting the SIPR Enclave Lead in RMF activities and the Senior Cyber Engineer in security operations support.

From a RMF perspective, as directed by the SIPR Enclave Lead -

• Supports maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring.
• Supports control implementation statement updates, documentation development for plans or procedures, artifact identification for assessments, and body of evidence generation.
• Supports POAM mitigation and/or remediation activities.

From a Security Tools administrative perspective, as directed by the Senior Cyber Engineer, the Engineer -

• Ability to update and maintain security tool versions (Splunk, Trellix, etc).
• Configure, patch, and update the Linux operating systems
• Monitors the following security applications:
  Splunk, Trellix, Tenable
• Scanning implementation (Tenable.sc, SCC Tool)
• SIEM implementation (Splunk)
• Endpoint security implementation (Trellix)
• Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g., for Tenable plugins), etc.

For the SIEM:

• Ensure security systems are up to date and implemented.
• Validate the telemetry from the hosts and security applications are forwarded to the SIEM.
• Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories.
• Triages all alerts from the SIEM to ensure activity in the environment is authorized.
• Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan.

For scanning/STIGs:

• Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate.
• Reviews the scans to confirm correct, actionable data is generated to support the patching activities.
• Reviews STIG results and supports the team in implementing corrective action as applicable.

For endpoint management:

• Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied.
• Triages all alerts from the tool to ensure activity in the environment is authorized.

For insider threat monitoring:

• Ensures deployment of tool and related modules are performing as intended.
• Monitors aggregate user data as directed.
• Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.

• Education:
  
  BA/BS Degree or equivalent experience in lieu of degree

• Experience:
  
  8+ years of related experience

• Ability to use security operations of Splunk and Trellix.
• Ability to update security applications, such as Splunk and Trellix.
• Ability to harden the system using STIGs.
• Ability to update the underlying security tools Linux operating system.
• Role requirements:
  
  Knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
• Certifications:
  
  Must be DoD 8140 / 8570.01-M compliant (e.g., including but not limited to Security+)

• Investigation/Clearance Level:
• Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility).

Location: Onsite at the classified operations center in McLean, VA.

• Hands-on experience with security operations of Teramind.
• Hands-on experience with Tenable.sc.
• 5 days onsite McLean, VA

The likely salary range for this position is $142,792 - $175,950. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly

Hours:

40

Travel Required: 10-25%

Telecommuting Options: Onsite

Work Location: USA VA Mc Lean

Total Rewards at GDIT:

Our benefits package for all US-based employees…