Security Engineer

N C R R Trail, Monkton, MD, USA Req #6694
Thursday, August 1, 2024

Vista Global Solutions (VGS) is seeking a Security Engineer to assist with our client’s enterprise-wide cyber systems security.

Location: NCR/ Telework (Hybrid) 

Position Description 

Responsible for 24/7 (on-call) security tool O&M and user support for DHS security tools. Ensures that disaster recovery, databases, server roles (DNS, AD, Remote Desktop), AD, DNS, Remote Desktop, Domain Tools, Infoblox DNS Threat Analytics, Database, Disaster Recovery, DbProtect, Venafi, RedSeal, Burp Suite Pro, Suricata, SAVScan, NetWitness, ArcSight, FireEye, Swimlane, Splunk, Grafana, SIEM, CrowdStrike, SOAR, Wireshark, Blue Coat, Sophos, Palo Alto MineMeld, Palo Alto DLP, McAfee (ePO, DLP), Volexity, Symantec Endpoint Protection, Proofpoint, O365 DLP, FireEye (EX, HX, NX), CA PAM, Thycotic Secret Server, SailPoint, RSA Archer, Tenable/Nessus, Tanium, EnCase and other security tools are functional, configured, accredited, documented, patched, security compliant, monitored, optimized and available 99.95%+, and provides user support for them. Experience must demonstrate the capability to meet the position duties.

Responsibilities 

Provide DHS NOC/SOC security tool maintenance; create procedures and documentation for maintaining all security hardware and software. Categories of tools to be managed include DMA tools, SIEM, malware analysis, asset management, forensics, encryption, continuous monitoring tools, and incident and case tracking and ticketing.

  • Perform full-scope administration, maintenance, management, configuration, patching, upgrades and optimization of security tools, devices, application systems, servers and sensors within the cybersecurity infrastructure.
  • Maintain SIEM applications to collect and aggregate IDS/IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements and other security-relevant devices.
  • Interface DHS Enterprise and systems information into the SIEM tool using information from the Compliance and Technology Information Assurance Compliance System (IACS) and input from tool ISSOs and perform asset categorization and prioritization. 
  • Install and/or modify network and/or endpoint security elements, tools, and other systems as required to maintain optimal coverage and performance, as approved by Management. 
  • Create and maintain standard Tool Maintenance Design Documentation and Test Plans for new and existing security applications and hardware in order to avoid obsolescence and to improve productivity for the DHS user community and for DHS management. 
  • Create diagrams of new or revised solutions for transition to operational support, encompassing the entire "end-to-end" configuration flow diagram describing all solution elements.
  • Administer, manage, configure, maintain, and tune SOC tools, devices, application systems, servers and sensors, and remediate vulnerabilities.
  • Review network security architecture and design, and provide recommendations to the Government Leads.
  • Configure and manage security tools to optimize data correlation and event discovery and detection. 
  • Provide security device signature maintenance and performance reports. 
  • Maintain the SIEM to collect and aggregate alert data from IDS/IPS/DLP network sensors, raw data from collection agents, firewalls, proxy servers, antivirus, and vulnerability scanner elements. 
  • Enroll DHS network and systems information into the SIEM tool, using information from the Compliance and Technology Information Assurance Compliance System (IACS) and input from ISSOs, and perform asset categorization and prioritization. 
  • Create and maintain tool tuning and operation O&M SOPs/CONOPS, functionality and/or operational documentation, and other required documentation as described in the Cybersecurity Service Provider Program (CSP).
  • Maintain a monitored, remotely accessible, unattributed network for use by DHS SOC analysts in accordance with DHS and FISMA directives.
  • Maintain an Out of Band Digital Media Analysis network for use by DHS SOC analysts in accordance with DHS and FISMA directives. 
  • Operate and maintain any other tools under the direct control of DHS SOC, such as specialized or “one-off” monitoring or analysis platforms. 
  • Track and manage SOC security devices, physical property, and asset management. 
  • Assist the Government Local Property Officer (LPO) with documenting and maintaining inventory of Enterprise SOC document property and assets, documenting Enterprise SOC software licenses, and tracking maintenance and support agreements, including technology refresh. 
  • Be responsible for supporting LAN/WAN/SD-WAN security solutions including creating and maintaining LAN/WAN access control standard design documentation. 
  • Provide appropriate diagnostic or monitoring tool enhancement recommendations to the Government.
  • Manage all software licensing on behalf of the DHS SOC.
  • Assist with requirements gathering and systems analysis for new software requirements.
  • Provide Software Maintenance Recommendations to the Government Leads.
  • Provide recommendations to meet business needs.
  • Perform security impact assessments.
  • Assist with vendor product evaluations and provide an impact analysis for any new software/products proposed.
  • Provide a monthly report that includes the following information: Software and Maintenance Renewals and the Software License Inventory.
  • Support the Operations and Maintenance (O&M) and feature development for the DHS incident tracking system, and integrations with the SOAR tool. 
  • Identify information sources, analyze data sets for inclusion and develop mechanisms for paring down the information upon ingestion. This can be done through Search Processing Language (SPL). Any other tools must be presented to and approved by the Government.
  • Propose enhancements for these candidates to the Government for evaluation and prioritization. 
  • Establish a SIEM capacity management process and plan. 
  • Test SPL content, scripts and other automation products prior to deployment to ensure they do not produce a negative impact to either the logging solution or other tools and technologies. 
  • Revise content as needed to enhance performance and ensure compatibility. 
  • Report all new, modified and removed content to the Government. 
  • Ensure that systems under SOC control are compliant with the existing DHS Security Logging Strategy. 
  • Tune the capabilities as practicable to improve efficiency. 
  • Identify shortfalls in the current capability. 
  • Recommend improvements to current processes. 
  • Review network Systems Engineering Lifecycle (SELC) as required and provide comments as requested by the network engineering team regarding evaluation, testing, design and implementation of a security architecture that supports network security controls, monitoring, and analysis of network security events, and data flow, collection and retention. 

Skills/Experience:  

  • Design and develop cyber security technology, integrating new architectural features into existing infrastructures while maintaining the integrity and security of enterprise-wide cyber systems and networks. Demonstrate the skills and experience required to meet the position requirements.

Years of Relevant Experience: 4+ (mid) /  

Education: Bachelor's Degree  

Certifications: Certification involving cybersecurity  

Other details

  • Pay Type: Salary