GDIT is seeking a Cybersecurity Data Analyst to protect the nation from threats by performing cybersecurity data analysis services, including managing and maintaining the Security Information Events Management (SIEM) capability, long-term analytics platform, log aggregation platform, and cyber threat intelligence capability.
Requirements
- SIEM experience with one of the following: ArcSight, ElasticSearch, Splunk, Event Broker, User Behavioral Analysis (UBA)
- Experience providing support to Cybersecurity Operations Cell (CSOC) in creating alerting rules
- Create SIEM playbooks
- Linux (RHEL) Expert (administration and engineering)
- Proficient in manipulating SIEM filters to better find and analyze potential malicious/atypical activity and reduce false positives
- Experience with content development within ArcSight and Kibana to facilitate Cyber Analysts' ability to investigate malicious events
- Creation of ArcSight rules based on use cases of malicious events
Responsibilities
- Provide all preventative and corrective maintenance to ensure consistent, reliable, and secure service availability.
- Maintain system availability and reliability with a threshold of 99.99%
- Detect and ticket degradations (volume/velocity) of all SIEM data flows within 60 minutes of the start of the degradation
- Perform day-to-day maintenance, and specific scheduled maintenance activities that result from manufacturers' recommended service intervals, alerts, bulletins, available patches, and updates, according to agency-approved change management processes.
- Perform all development, engineering, testing, integration, and implementation actions necessary for major vendor revisions
- Perform continuous engineering assessments to improve the performance, effectiveness, coverage, and maturity of this service.
- Configure all assets assigned to this service within the Government Furnished Information - Software Tools list in accordance with all Federal, DoD, IC, and NGA laws, directives, orders, policies, guidance, procedures, etc.
Other
- Top Secret SCI + Polygraph
- U.S. Citizenship Required
- DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications
- 6+ years' experience with SIEM and development projects
- 6+ years' experience with SIEM support for projects and technical exchange meetings