POSITION: Security Information and Event Management (SIEM) Engineer
LOCATION: Stafford, VA.
STATUS: Contingent on Contract Award
CLEARANCE: Public Trust Moderate or Higher
Cask is a leading Management Consulting firm specializing in delivering business and technical expertise to clients across commercial and government markets. Join the many happy employees at Cask! We have been named a top 5 firm to work for by Consulting Magazine for 5 of the past 6 years.
Position Summary:
As a Security Engineer you will be responsible for leading the implementation and maintenance of a Security Information and Event Management (SIEM) tool within the Enterprise, ensuring the solution provides auditability of security controls as required by NIST SP 800-53 for all systems. You will actively support the current Security Team, Administrators, and other Stakeholders on the use, integration and reporting of the SIEM solution.
Responsibilities:
· Lead the operational sustainment and monitoring of the SIEM solution
· Provide expert level, on-the-spot SIEM system troubleshooting
· Provide expert advisement through documentation of analysis of new federal regulatory guidance and/or changes to the security environment as it impacts security and SIEM operations.
· Identify areas of improvement opportunities based on Cybersecurity trends and best practices, and present solutions to senior level members of the Cybersecurity team.
· Maintain up-to-date knowledge of current and emerging technologies, cybersecurity publications, and legislation.
· Develop integration strategies between the SIEM solution and monitoring programs
· Develop and follow procedures (SOPs) to integrate additional data sources
· Make updates and changes to accommodate new data sources or changes in the log format of an existing data source.
· Interface with Department-wide effort to create the department-wide SIEM.
· Integrate data from all IT assets.
· Create additional dashboards and/or enhance previously created dashboards
· Create or modify reports necessary for compliance with defined policies and procedures to reflect new data source events.
· Develop multi-media training modules on the implementation and operational aspects of the solution.
· Conduct SIEM training sessions to Security Team, CIO management and ISSOs in the use of SIEM capabilities.
· Mentor team members to ensure skills transfer for systems under this position’s oversight.
Experience:
· Minimum of five (5) years of demonstrated experience in Cyber Security Engineering.
· Minimum of five (5) years of demonstrated experience in SIEM solutions (preferably Splunk).
· Demonstrated working experience with IT security tools (e.g., Tanium, Carbon Black Cloud)
· Demonstrated working experience integrating SIEM data sources.
· Excellent oral and written communication skills with a keen sense of customer service
· Ability to support ad hoc scripting is highly desired
· Understanding of Federal security regulations and policies.
· Hands on knowledge of the Forest Service’s technical environment (Preferred)
Education, Certification, and Licensing Requirements:
· BS in Computer Science, IT, IS, or equivalent area of technical study (IT experience can substitute for a BS degree)
· One of the following certifications or higher (CASP+, CySA+, CISSP)
· Splunk Certified (Enterprise Certified Architect or Enterprise Security Certified Admin)
· Active Public Trust Moderate, or ability to attain.
· Must successfully complete a background investigation.
Cask is an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status as a qualified individual with a disability.
EEO Employer/Vet/Disabled