- Springfield, Virginia, United States
XOR Security is currently seeking a talented Senior End-Point Security Engineer to support an Intelligence Community Customer in Springfield VA. The Cyber Security Operations Cell (CSOC) support includes analysis, investigation, reporting and remediation of cyber incidents, incident escalation to CSOC/Focused Operations, planning and development of cyber countermeasures, initiation of incident notification procedures, and collaboration with external IC and DoD Cyber units as well as reporting Cyber Defense status to the CSOC, Customer leadership, and external IC and DoD Cyber units.
To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have experience with Linux System Administration, Carbon Black Response, Carbon Black Protect, Host Base Security System (HBSS), McAfee ePolicy Orchestrator (ePO), Tanium, and industry standard certifications such as: CompTia Security +, CISSP, CASP.
- Provides feedback to design engineers and evaluates end-to-end systems and systems-oriented products through their entire life cycle.
- Conducts research and evaluates technical performance of software products and overall segments and systems.
- Ensures products and systems comply with requirements and government information assurance and cyber security standards and practices through formal verification methods.
- Verifies/validates systems with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to information networks.
- Assesses performance using evaluation criteria and technical performance measures. Prepares assessments and cyber threat profiles of current and planned products based on sophisticated testing, research, and analysis.
- Participates in design reviews of components (hardware and software) to ensure applicability to the current system and traceability of requirements.
- Reviews test plans/procedures and ensures they verify/validate the requirements. Develops and maintains analytical procedures to meet changing requirements.
- Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and operations officials.
Springfield, VA. USA
Skills and Qualifications:
- Ten (10) years of experience in network defense environments
- Master’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience
- Position requires a current CND-A certification with the appropriate computing environment certification(s) for the tools and devices they support IAW DoD 8570.01-M
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Security Engineering
- Ability to work greater than 40 hours per week as needed (occasional night and weekend work required)
- Ability to work on-call for escalated cyber security incidents.
- Experience with deployment and documentation of enterprise project management and change management processes
- Ability to identify solutions to potential network issues/embrace network simplification and strengthened security
- Ability to conduct event triage and analysis and incident investigation
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
- Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
- Understanding of command line scripting and implementation (e.g., Python, Powershell)
- Ability to write new content/searches/scripts (e.g., Splunk dashboards, Splunk ES alerts, SNORT signatures, Python scripts, Powershell scripts)
- Experience with tools such as Active Directory, Cisco IOS, MS Server, ESA, WSA, Stealthwatch, AMP, Splunk, Splunk ES, SNORT, Yara, IronPort, and Firepower.
- Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
- Ability to perform NetFlow / packet capture (PCAP) analysis
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET WITH SCI CLEARANCE REQUIRED.