Security Analyst (IDS/ SIEM)

Company Description

OBXtek Inc.

OBXtek is an award winning Service Disabled Veteran Owned Small Business providing information technology and management services to the federal government. As the prime contractor on over 85% of its work, OBXtek is a leader in its field and has a robust corporate infrastructure that provides support for all of its programs. OBXtek has realized exceptional growth over the last four years and has been awarded prime contracts with 10 federal agencies. This growth is a result of providing customers with successful project execution and quantifiable results, responsive customer service, timely recruiting, quality assurance/quality control and competitive pricing.Solid Financial Resources and low Employee Turnover (5%)

Job Description

 Intrusion Protection

Background

DISSAO provides intrusion protection and vulnerability assessments of the SSA Information systems at various inter-dependent levels. The assessment of the network’s security is a crucial first step in providing intrusion protection. Additionally DISSAO provides remediation to security incidents. A key ingredient of this remediation is the recommendation of immediate corrective actions to systems known to have any security weaknesses or vulnerabilities.

Scope of Task

The objective is to evaluate, identify and classify all anomalous traffic across SSA net and then to provide corrective action.

In support of the task, the contractor shall perform activities such as those described in the sub-tasks below.

Sub-Task 1: Intrusion Protection and Vulnerability Assessments

Purpose: Provide intrusion protection and vulnerability assessments at all levels of the SSA computing enterprise including current SSA systems, SSA systems under development or scheduled for implementation.

Activities:

• Provide senior-level advisement to division management and adjacent staff related to Intrusion Protection and Vulnerability Assessments.
• Monitor Intrusion Detection System (IDS) sensors and infrastructure and other monitoring tools based on a schedule defined by SSA Management.
• Monitor vulnerability scanning infrastructure based on a schedule defined by SSA Management.
• Evaluate risk models developed by SSA and provide feedback to the Task Manager.
• Perform ad-hoc scanning as defined by the Task Manager.
• Develop scripts using UNIX shell scripting, Perl, PHP or Visual Basic for use in analyzing traffic patterns and anomalies

Qualifications

Qualifications & Knowledge Requirements

Experience:

Experience: 10 years technically related experience with network and security operations

Desired Security Certifications:

CISSP

CCNA

CEH

Security Plus

Required skills:

Analytical experience:

Implementing Incident Response procedures

Solid understanding of performing risk and vulnerability assessments

Strong Security background and experience in large enterprise environment

McAfee Security Information and Event Management (SIEM)

Splunk ES

Regex

McAfee Web Gateway Proxy

Basic understanding of Web Gateway functionality and operations as they relate to Network Security in an enterprise environment.

Additional Applications:

VMWare (VCenter Server)

Snort

Dragon

Check Point Firewall (IDS Blade)

Sourcefire Defense Center and Sensors:

Experience with signature and rule creation

Deployment of Virtual Defense Center

Security Enhancement and Policy Updates

3D Sensor deployment

Whitelist compliance and traffic tuning

RNA and RUA functionality/management

Additional Information

All your information will be kept confidential according to EEO guidelines.