- Springfield, Virginia, United States
XOR Security is currently seeking a talented End-Point Security Engineer to support an Intelligence Community Customer in Springfield VA. The Cyber Security Operations Cell (CSOC) support includes analysis, investigation, reporting and remediation of cyber incidents, incident escalation to CSOC/Focused Operations, planning and development of cyber countermeasures, initiation of incident notification procedures, and collaboration with external IC and DoD Cyber units as well as reporting Cyber Defense status to the CSOC, Customer leadership, and external IC and DoD Cyber units.
To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have experience with Linux System Administration, Carbon Black Response, Carbon Black Protect, Host Based Security System (HBSS), McAfee ePolicy Orchestrator (ePO), Tanium, and an industry standard certification such as: CompTia Security +, CISSP, CASP.
- Knowledge of Common Criteria Language, and FIPS 140 standards.
- Works on various network types of equipment and related devices from a security protection emphasis to include installing; troubleshooting; modifying; testing.
- Can independently build test network or system prototypes, performing equipment set-up, testing, and participating in test report writing.
- Has the ability to develop attack programs to verify security assurance and weakness capability.
- Gathers and organizes technical information about an organization's missions, goals, and requirements, existing security products, and ongoing programs in the IA arena.
- Performs a variety of routine project tasks applied to specialized technology problems. Integrates electronic processes or methodologies to resolve total system problems, or technology problems as they relate to IA requirements.
- Conducts security assessments and security consulting services.
- Analyzes information security requirements.
- Performs certification for C&A processes for the accreditations of systems.
- Performs vulnerability analysis and assessment using either government or commercial off-the-shelf technologies.
Springfield, VA. USA
Skills and Qualifications:
- Three to five (3-5) years of experience in network defense environments
- Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience
- Position requires a current CND-A certification with the appropriate computing environment certification(s) for the tools and devices they support IAW DoD 8570.01-M
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Security Engineering
- Ability to work greater than 40 hours per week as needed (occasional night and weekend work required)
- Ability to work on-call for escalated cyber security incidents.
- Experience with deployment and documentation of enterprise project management and change management processes
- Ability to identify solutions to potential network issues/embrace network simplification and strengthened security
- Ability to conduct event triage and analysis and incident investigation
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
- Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
- Understanding of command line scripting and implementation (e.g., Python, Powershell)
- Ability to write new content/searches/scripts (e.g., Splunk dashboards, Splunk ES alerts, SNORT signatures, Python scripts, Powershell scripts)
- Experience with tools such as Active Directory, Cisco IOS, MS Server, ESA, WSA, Stealthwatch, AMP, Splunk, Splunk ES, SNORT, Yara, IronPort, and Firepower.
- Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
- Ability to perform NetFlow / packet capture (PCAP) analysis
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET WITH SCI CLEARANCE REQUIRED.