Security Information and Event Management (SIEM) Lead
Security Clearance required: Top Secret
US Citizenship Required
Location: Seaside, CA
Project Summary: This position is responsible for supporting the operation and maintenance of a cybersecurity operations center (CSOC). Responsibilities include, but are not limited to: maintaining the security posture of information systems from conception to retirement through the integration of Information Systems Security and sound information assurance practices; facilitating the use of cybersecurity technical information in the design, development, testing, evaluation, operation, and maintenance of information technology for the customer's systems; implementing real-time threat detection and mitigation toolsets; providing proactive cybersecurity threat hunting and penetration testing teams that search the network for gaps and/or signs of attackers before a compromise turns into a full breach; and resolving incidents and problems to ensure high-quality services are delivered as rapidly and effectively as possible.
- Participate as system security and cyber subject matter expert in support of engineering design teams and functional interoperability assessments.
- Support the cybersecurity architecture by providing active and engaged solutions to IT teams relative to security design and review processes. Ensure the effective operations of existing and future Cybersecurity IT.
- Ensure the log review SOP aligns with and incorporates STIG requirements; validate log sources, generation, storage, and security; perform analysis of log data and initiate response to identified events.
- Perform testing and validation activities periodically to confirm that the organization's logging policies, processes, and procedures are being followed properly both at the infrastructure level and the system level throughout the organization.
- Monitor the logging status of log sources to confirm that each source is enabled, configured properly, and functioning.
- Manage the long-term storage of log data and monitor log rotation and archival processes to ensure that logs are archived and cleared correctly and that old logs are destroyed once they are no longer needed. Log rotation monitoring should also include regular checks through automated or manual means of the remaining space available for logs.
- Validate that each system's clock is synchronized to Zulu (UTC) time so that its timestamps match those generated by other systems.
- Reconfigure logging based on factors such as policy changes, audit findings, technology changes, and new security needs.
- Document anomalies detected in log settings, configurations, and processes. Such anomalies might indicate malicious activity, deviations from policy and procedures, and flaws in logging mechanisms.
- Deploy new ESM, Loggers, and Connectors, and perform upgrades for all components of the solution to collect data feeds and integrate with other log solutions wherever possible.
- Coordinate with the ITO and program managers for modifications, downtimes, and upgrades.
- Integrate data feeds (logs) into the Logging and SIEM Solution and assist in the proper operation and performance of SIEM, Loggers and connectors.
- Develop integration capabilities with 3rd party systems including network management and trouble ticketing applications.
- Conduct security event collection, using log management tools, initiating event management, enhancing compliance automation, and leveraging identity monitoring activities using the SIEM platform.
- Perform network/system/application/log intrusion detection analysis and trending.
- Develop filters to assist in the identification of significant events and customize security content, including filter/rule/report creation, signature categorization, and vulnerability mapping; tune SIEM filters and correlations to continuously improve monitoring.
- Advise on monitoring and reporting best practices and develop use cases on how to use SIEM technologies to achieve end-state requirements.
- Strategize and ensure the best coverage of the DHRA enterprise, including prioritization of devices if necessary, and identify deficiencies in log collection.
- Support fact-finding or case-evaluation tasks as they relate to the Logging and SIEM Solution.
- Escalate security events to the CSD Leadership, incident response officer, and incident response team.
- Investigate anomalous, suspicious, or malicious log entries.
- US Citizenship is a requirement of this position in accordance with 8 U.S.C. § 1324b(a)(2)(C).
- 5+ years of experience with an enterprise Logging and Security Information and Event Management (SIEM) solution, including log collection, management, correlation, aggregation, ingestion, parsing, and use case, dashboard, and trigger development.
- Must have an active DoD 8570 IAT Level III certification (CASP+ CE, CISSP, CISA, CCNP Security, GCED, or GCIH).
- Must have Computing Environment (CE) certification(s) relating to the environment or the specific tools pertinent to this position (SIEM-related certification).
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Physical Demands: While performing the duties of this job, this position requires the ability to sit for potentially long periods of time throughout the workday; hearing sufficient to understand conversations, both in person and on the telephone; and dexterity of hands and fingers to operate a computer keyboard, mouse, and power tools, and to handle other computer components for potentially long periods of time without experiencing abnormal hand, wrist, or eye strain. Occasional inspection of cables in floors and ceilings. Lifting and transporting moderately heavy objects, such as computers and peripherals. Must be able to lift up to 50 pounds.
- Work Environment: Includes a typical office environment, with minimal exposure to excessive noise or adverse environmental issues, including exposure to heat, cold, inclement weather conditions, and occasional environmental hazards. Local, regional, and national travel may be required.
- Medical, Dental, Vision Plan
- AD&D and Life Insurance
- Paid Federal Holidays
- Paid Time Off
- 401(k) Retirement Plan
Epsilon is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. EEO/AA: Minorities/Females/Disabled/Vets.
If you are an individual with a disability and need special assistance or reasonable accommodation in applying for employment with Epsilon, Inc., please contact our Recruiting department by phone 828-398-5414 or by email email@example.com.