Cyber Threat Engineer
- Washington, DC
Encompass (IT) Security Services is a full services technology service provider located in Camp Springs, MD. Our services range from enterprise planning and implementation to Cyber Security. Our clients include federal, state and local governments, non-profits and other corporate entities. Encompass IT also offers technology products at our retail locations.
Work on all systems and/or projects within the Office of IT Security responsible for providing cyber security threat detection utilizing network- and host-based computer security tools, appliances and endpoint products.
Maintain system baselines and configuration management items, including security event monitoring "policies" in a manner determined and agreed to by program management.
Provide documentation, software testing (patches, other updates) and interaction with other analysts and operations and maintenance personnel to ensure a complete and functioning system that meets requirements.
Perform analysis of all security system log files, review and keep track of triggered events, research current and future cyber threats, reconcile correlated cyber security events, develop and modify new and current cyber security correlation rule sets, and operate security equipment and technology.
Experience in documenting security incidents as identified in the incident response documentation and escalating to management as required.
Experience monitoring key security infrastructure elements, identifying security events, performing analysis, and initiating response activities.
Experience performing packet analysis, identifying malformed packets and their payloads.
Experience in integration of security products, including designs for all networks as well as designing, engineering, integrating, configuring, testing and deploying them.
Experience and knowledge of OSI layers and TCP/IP troubleshooting techniques.
Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Vulnerability Assessment tools and other security tools found in large network environments; experience working with Security Information and Event Management (SIEM) solutions.
Technical experience in cyber security, information assurance, network security, computer information systems, computer science, or management information systems.
Understanding of common network services (DNS, web, mail, FTP, etc.), network vulnerabilities, and network attack patterns.
Understanding and familiarity with Security Information and Event Management (SIEM) systems.
Familiarity with intrusion detection / prevention, firewalls, and anti-virus systems.
Proven understanding of network protocols.
Microsoft and Linux hosting and systems administration experience:
• Expert knowledge of firewalls, Intrusion Prevention Systems (IPS), and Virtual Private Network (VPN) technologies;
• Expert knowledge of encryption, anti-virus, and patch management technologies;
• Specific knowledge of the Juniper Firewall NPN and related technologies;
• Specific knowledge of the Juniper Secure Socket Layer (SSL) VPN and related technologies;
• Specific knowledge of the McAfee network and host-based IPS;
• Specific knowledge of the McAfee Anti-Virus and Remediation Manager;
• Expert knowledge of various IP protocols and their behavior;
• Expert knowledge of the OSI model and Transmission Control Protocol /Internet Protocol (TCP/IP) stacks;
• Expert knowledge of network routing and switching methodologies;
• Functional working knowledge of internet content filtering;
• Functional working knowledge of wireless communications;
• Functional knowledge of various analysis and system scanning tools.
All your information will be kept confidential according to EEO guidelines.