Sensor Monitoring Specialist
Apex Systems • Martinsburg, WV
Posted 16 days ago
Role: Sensor Monitoring Specialist
Location: Martinsburg, WV
Hours of Support: 6:00 AM to 2:30 PM EST -- Sunday through Thursday or Tuesday through Saturday
Requirements:
- Certification in one of the following: Security+, Network+, VA CSP, CISSP, C|EH
- Bachelor's degree (minimum)
- Ability to obtain a VA Public Trust
Roles and Responsibilities:
- The Sensor Monitoring Specialist monitors 100 percent of VA internal and external network traffic to provide security analysis support covering more than 100 million (M) weekly security events and up to 1.4M endpoints (projected through fiscal year 2020). This support is derived mainly from the NIST SP 800-53 Incident Response (IR) control family.
- Respond to 100 percent of tickets/emails and produce an updated analysis progression thereafter in accordance with SLAs.
- Utilize the VA ITSM to manage and track performance.
- Escalate work requests as needed through the VA’s ITSM and utilize the ITSM to document all investigation related activities.
- Monitor, analyze or report 24/7/365 on the following:
- Monitor 100 percent of network intrusions and malware events using the Security Information and Event Management (SIEM) tool; this shall be performed manually during a SIEM outage.
- Collect, review, analyze and correlate security events from Network Security tools in the Wide Area Network, Trusted Internet Connection (TIC) Gateways, Data Centers, local facilities, Business Partner Extranet, and external VA cloud locations as applicable and capability facilitates
- Monitor on premise and CSOC monitored enterprise cloud environment based events for potential incidents
- Monitor for threats at every phase of the Cyber Intrusion Kill Chain.
- Monitor all security devices to ensure confidentiality, integrity, and availability of CSOC architecture and security devices
- Utilize incident response use-case workflows to follow established and repeatable processes to triage and escalate incidents
- Review, inspect, and analyze log files (e.g., network logs, server/workstation logs, Splunk logs), network traffic, and security events from all network security tools within the VA Wide Area Network and Gateway to detect, identify, and report anomalous or malicious network activity.
- Review audit logs and report any unusual or suspect activities in accordance with VA 6500 (e.g., SI-1 – System and Information Integrity Policy and Procedures, and SI-4 – Information System Monitoring).
- Create trouble tickets to capture the detailed analysis of security events, in accordance with established CSOC procedures
- Perform initial validation to determine whether a security event requires investigation, and open a trouble ticket as needed
- Escalate ticket to an incident if the analysis indicates a security compromise.
- Correlate events for early warning and prevention
- Produce the Weekly Summary of Sensor Analysis Status Report spreadsheet, to include: status (opened, under investigation, or closed), summary of tickets by ticket number and date, and a brief annotation of current analysis to help track progress.
- Maintain a daily activity report on assigned investigations and/or incidents.
- Incorporate input received from other VA teams and external vendor personnel to analyze and validate security events and incidents.
- Review threat intelligence documentation and integrate knowledge into security operations.
- Identify false-positives by correlating security events with vulnerability data and system status.
- Conduct weekly, monthly and yearly trend analysis of security events to identify anomalous malicious activity and repeat infections.
- Utilize open source intelligence and various cyber security threat portals (e.g. Homeland Security Information Network (HSIN), iSight, Shadow Server), and other credible sources for cyber threat information to assist with the validation of incidents.
- Provide technical support to develop and execute custom scripts to identify host-based indicators of compromise.
- Provide technical support for new detection capabilities and improve upon existing security tools.
- Create customized monitoring dashboards using Splunk and other event collection tools to augment SIEM as needed.
- Provide recommendations for event monitoring/event management/configuration of security tools for targeted threats and malicious activity, during technical meetings or informally through email.
- Submit use cases for analysis by SIEM and predictive analytics tools and work in conjunction with the CHTA and CTS (Cyber Technical Services) teams to implement them.
- Develop required SOPs and assist other CSA teams with SOP, Playbook, and Work Flow Development.
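Two of the duties above, initial validation of an event (open a ticket or not) and identifying false positives by correlating security events with vulnerability data and system status, amount to the same triage routine. The following is an added example written for this page, not code from Apex Systems or the VA; the alerts, asset inventory and vulnerability findings are constructed, and the field names (`ticket`, `dst_ip`, `cve`, `listening`, `status`) are assumptions about what a SIEM export and an asset/vulnerability feed would provide.

```python
"""Triage IDS/SIEM alerts against asset status and open vulnerability findings.

Verdicts:
  'investigate'     -> open/escalate a ticket (target exposed or inventory disagrees)
  'false_positive'  -> close with the reason recorded for the weekly summary
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Alert:
    ticket: str
    dst_ip: str
    signature: str
    cve: Optional[str]   # CVE the signature claims to detect, if mapped
    dst_port: int


# Constructed sample inventory (hypothetical hosts, not a real VA environment).
ASSETS: Dict[str, dict] = {
    "10.0.5.20": {"status": "online", "listening": {443, 3389}},
    "10.0.5.21": {"status": "online", "listening": {22, 8080}},
    "10.0.5.22": {"status": "decommissioned", "listening": set()},
}

# Constructed open vulnerability findings per host, keyed by CVE.
VULNS: Dict[str, Set[str]] = {
    "10.0.5.20": {"CVE-2019-0708"},
    "10.0.5.21": {"CVE-2017-5638"},
}

# Constructed alerts as they might arrive from the SIEM.
ALERTS: List[Alert] = [
    Alert("T-1001", "10.0.5.21", "EXPLOIT Apache Struts OGNL injection", "CVE-2017-5638", 8080),
    Alert("T-1002", "10.0.5.20", "EXPLOIT Apache Struts OGNL injection", "CVE-2017-5638", 8080),
    Alert("T-1003", "10.0.5.22", "SCAN Nmap SYN scan", None, 22),
    Alert("T-1004", "10.0.5.20", "EXPLOIT RDP BlueKeep attempt", "CVE-2019-0708", 3389),
    Alert("T-1005", "10.0.9.9", "MALWARE Cobalt Strike beacon", None, 443),
]


def triage(alert: Alert,
           assets: Dict[str, dict] = ASSETS,
           vulns: Dict[str, Set[str]] = VULNS) -> Tuple[str, str]:
    """Return (verdict, reason) for one alert.

    The order matters: inventory gaps and inventory/observation mismatches are
    escalated rather than closed, because an unknown or "decommissioned" host
    that is still receiving traffic is itself a finding.
    """
    asset = assets.get(alert.dst_ip)
    if asset is None:
        return "investigate", "destination not in inventory; cannot rule out"
    if asset["status"] != "online":
        return "investigate", f"traffic to host recorded as {asset['status']}"
    if alert.dst_port not in asset["listening"]:
        return "false_positive", f"port {alert.dst_port} not listening on host"
    if alert.cve is None:
        return "investigate", "signature has no CVE mapping; validate manually"
    if alert.cve in vulns.get(alert.dst_ip, set()):
        return "investigate", f"host has an open finding for {alert.cve}"
    return "false_positive", f"host has no open finding for {alert.cve}"


def triage_all(alerts: List[Alert]) -> Dict[str, Tuple[str, str]]:
    """Map ticket number -> (verdict, reason) for a batch of alerts."""
    return {a.ticket: triage(a) for a in alerts}


def summary(results: Dict[str, Tuple[str, str]]) -> Dict[str, int]:
    """Counts by verdict, the figures a weekly status spreadsheet would carry."""
    return dict(Counter(v for v, _ in results.values()))


if __name__ == "__main__":
    res = triage_all(ALERTS)
    for ticket, (verdict, reason) in res.items():
        print(f"{ticket}: {verdict:14s} {reason}")
    print(summary(res))
```

The point of the ordering is the caveat an analyst learns quickly: "not vulnerable" only closes an alert when the inventory is trusted and current, so mismatches between what the sensor saw and what the inventory says (unknown host, decommissioned host still talking) go to investigation, not to the false-positive pile.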
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.