Cyber System Signature - Firewall Administrator Level 3 104-042
See a complete list of our open positions
​
Apply at the Bottom of the Page
​
IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community. We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.
​
Some of the positions are future positions. Please look at the opening line of the job description to determine if this is an open or future position.
Our positions are not remote unless stated in the job description below.
​
We are looking to fill this position at the following location(s):
- Reston, VA or Bolling AFB, Washington DC and Colorado Springs, CO
Job Description
Cyber System Signature - Firewall Administrator Level 3 will have a opportunity to build strong lines of cyber defense using cutting-edge technologies. Your work in cyber security will have an impact on securing our clients' missions and ensuring we anticipate the threats of tomorrow.
Level 3:
Investigates, analyzes, and responds to cyber incidents within a network environment or enclave.
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
Interprets, analyzes, and reports all events and anomalies in accordance with computer network directives, including initiating, responding, and reporting discovered events.
Evaluates, tests, recommends, coordinates, monitors, and maintains cybersecurity policies, procedures, and systems, including access management for hardware, firmware, and software.
Ensures that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.
Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security.
Researches and evaluates new concepts and processes to improve performance.
Analyzes cross-functional problem sets, identifies root causes and resolves issues.
Develops techniques and procedures for conducting cybersecurity risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the
investigation and resolution of security incidents such as intrusion, frauds, attacks or leaks.
May coach and provide guidance to less-experienced professionals.
May serve as a team or task lead.
HOW A CYBER INTRUSION DETECTION SYSTEM ADMINISTRATOR WILL MAKE AN IMPACT:
Monitor day-to-day operations of the sensors (Suricata, Palo Alto, and ArcSight) located at supporting customer's locations.
Perform Enterprise Defense Countermeasure (DC) activities and coordination with other government agencies to record and prepare incident reports and analysis methodology and results.
Monitor and analyze signature alerts from Intrusion Detection/Prevention Systems (IDS/IPS) for false positives.
Provide technical enforcement of organizational security policies.
Provide "tune-or-drop" recommendations towards the DC team's Signature Lifecycle Review procedure.
Provide insight to Detection and Response teams on signature functionality and providing signature tuning as needed.
Communicate with customers and teammates clearly and concisely.
Maintain current knowledge of relevant technology as assigned.
Participate in special projects as required.
Position is day shift but may require evening, weekend or shift-work (depending on operational tempo).
Required Experience:
Experience authoring Snort signatures.
Experience authoring Yara rules.
Experience with Perl Compatible Regular Expressions (PCRE)
Preferred Skills:
Experience in intrusion detection and prevention systems.
Proficient in network security technologies and protocols.
Dashboarding in Splunk.
Palo Alto Certification Next-Generation Firewall.
Education and Experience:
HSD/GED+10yrs
Associates+8yrs
Bachelors+6yrs
Masters+4yrs
PhD+2yrs
NOTE: Relevant professional certifications will be considered equivalent to six (6) months of relevant experience
Security Clearance:
Active TS/SCI and the willingness to sit for a polygraph, if needed
IC-CAP provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status.