Cybersecurity Principal Specialist

Overview

The Senate Sergeant at Arms is seeking a Cybersecurity Principal Specialist. The complete vacancy announcement and application can be found on the United States Senate Career Page at (Use the "Apply for this Job" box below)./1

VNZQ. This vacancy announcement closes at 7pm EST on the closing date. Late applications will not be accepted.

• Seven to ten years of progressively responsible experience in cybersecurity, with a track record of leading initiatives to resolve highly complex cybersecurity issues.
• Subject matter expertise in one or more cybersecurity domains.
• Strong leadership skills, including experience managing project teams and coordinating efforts across multiple departments.
• Demonstrated ability to develop and implement strategic cybersecurity policies, standards, and frameworks that align with organizational goals.

• As part of our hiring process, we may conduct a skills assessment to better understand an applicant’s proficiency in key areas relevant to the role.

• Cybersecurity
  
  Experience:
  
  Experience in SOC Analysis, Threat Hunting, Threat Intelligence, Malware Analysis, Red Team, or Systems/Network Administration.
• Excellent Communication Skills
  :
  The ability to communicate both verbally and in writing with audiences at varying levels of technical capability.
• Self-Learning: The ability to learn highly technical concepts with minimal instruction and without formal training.
• Abstract Thinking: The ability to abstract away from atomic events and indicators and contextualize them with larger attack chains or process flows.
• Knowledge of Operating Systems: A deep understanding of the internal functionality of all major operating systems (Windows, Linux, MacOS). Preference given for understanding of less well-known OSs such as Cisco IOS, Solaris, and mobile operating systems.
• Familiarity with all Major Rule Formats: Competence with all major rule formats such as Sigma, YARA, Snort, and Suricata. Familiarity with common attack techniques, malware behaviors, and adversary tactics (e.g., MITRE ATT&CK)
• Log Analysis: Proven experience analyzing logs, packet captures, endpoint telemetry, and cloud security events.
• Custom Detections: Demonstrated ability to design, develop, and maintain custom security detections to identify advanced attack techniques, including living-off-the-land activity, lateral movement, privilege escalation, and data exfiltration, using SIEM, EDR, and log analytics platforms.
• SIEM and EDR: Experience with incident response and forensic tools (e.g., SIEM platforms, EDR solutions, forensic analysis tools).
• Analytical Abilities: Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
• Basic Red Team Abilities: The ability to conduct basic red team activities to ensure that detections are validated and tuned correctly.
• Host Forensics: Familiarity with major host artifact locations on major OSs and with major host forensic toolsets.
• Basic Malware Analysis: Ability to conduct triage-level malware analysis during incident response, including de-obfuscating scripts, basic binary analysis, and live process analysis.
• Scripting: Competence in at least one of the most common scripting languages (Power Shell, Python, Bash, Ruby, Perl).
• Documentation: Able to take the results of long and highly technical investigations and capture them in a manner that is clear, readable, and able to drive future operations.
• Certifications: Industry certifications such as CISSP, GIAC (GCIH, GCFA, GCED), CEH, or similar.

• This position directly supports essential services of the U.S. Senate. As such, this position requires the employee be available and prepared to work during a lapse, in inclement weather, on holidays, weekends, and during late nights to ensure essential services to the Senate continue without interruption. In the context of government furloughs, this position is considered excepted.
• The U.S. Senate network cannot be taken offline for maintenance during the workday, or while the Senate is in session. As such, maintenance windows may only occur at night, on weekends, and occasionally on holidays. Employees who perform systems upgrades, maintenance, wiring, backups, support our alternate data centers will have schedules that include working nights, weekends, and holidays
• Sedentary.

• This position requires that the applicant obtain and maintain a Secret U.S. Government security clearance.
• Applicants must be U.S. citizens in order for the SAA to submit your application for a security clearance.