CybersecurityJobs.io
← Back to all jobs

Job Description

Onsite Cybersecurity Operations Specialist role in Springfield, VA focused on SIEM services within the CSOC, ensuring high availability and collaboration with government partners.

Responsibilities

  • Perform preventative and corrective maintenance to sustain secure, reliable service availability. This includes managing vendor RMA processes, proper disposal of failed equipment/software, installing and testing new hardware/software, and configuring new assets.
  • Maintain system availability at or above 99.99%.
  • Identify and ticket degradations in SIEM data flows within 60 minutes of onset.
  • Conduct daily and scheduled maintenance driven by vendor advisories, patches, and approved change management; keep documentation, change logs, and service bulletin libraries updated in the CSOC knowledge base.
  • Lead emergency maintenance actions to minimize outage durations, with Government approval and coordination through CSOC and ESC governance.
  • Perform development, engineering, testing, integration, and implementation actions for major vendor revisions.
  • Continuously assess engineering to improve performance, coverage, and maturity of the service.
  • Document instances of lost event logs, including occurrences like DNS logs not ingested during specific windows.
  • Configure all service assets within the Government Furnished Information - Software Tools list in accordance with federal, DoD, IC, and NCE policies.
  • Execute total integration actions to ensure interoperability among all GFI software tools assets, enabling proper parsing and ingestion of data for internal and external reporting systems.
  • Use agency approved ticketing systems to document, track, assign, update, and coordinate engineering, integration, configuration, and maintenance actions.
  • Utilize monitoring, analysis, and visualization tools to track effectiveness, status, and metrics as required by Government staff and related Cybersecurity Operations and Readiness teams.

Requirements

  • Hands-on SIEM experience with ArcSight, ElasticSearch, Splunk, Event Broker, or UBA.
  • Experience supporting CSOC operations by creating alerting rules.
  • Author SIEM playbooks.
  • Expert level Linux (RHEL) administration and engineering.
  • Proficient in tuning SIEM filters to detect malicious or atypical activity and reduce false positives.
  • Experience developing content within ArcSight and Kibana to aid analysts investigating events.
  • Develop ArcSight rules based on malicious-event use cases.
  • Tune and aggregate queries and filters.
  • Skilled in troubleshooting event flow through Enterprise Audit infrastructure.
  • Skilled in troubleshooting event formats and parsing for ingestion into data storage and SIEM tools.
  • Active TS/SCI clearance.
  • DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications.
  • 6+ years of experience with SIEM and development projects.
  • 6+ years of experience providing SIEM support for projects and technical exchange meetings.
  • 6+ years of experience developing and maintaining enterprise audit projects.
  • Kibana experience.
  • Data analytics experience.

Technologies

  • ArcSight
  • ElasticSearch
  • Splunk
  • Event Broker
  • User Behavioral Analysis (UBA)
  • Kibana
  • Linux (RHEL)
  • DoDIN – Joint Incident Management System

Your Impact

Contribute to national safety by applying expertise to protect critical infrastructure from cyber threats and by ensuring robust SIEM operations within the CSOC framework.

Work Requirements

  • Years of Experience: 6+ years of related experience
  • May vary based on technical training, certifications, or degree
  • Travel Required: None
  • Citizenship: U.S. Citizenship Required
  • Active TS/SCI Clearance
  • DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications
  • 6+ years experience with SIEM and development projects
  • 6+ years experience with SIEM support for projects and technical exchange meetings
  • 6+ years experience developing and maintaining enterprise audit projects

Salary and Benefits

  • The likely salary range is $128,039 - $173,229 per year. Final compensation depends on experience, location, and contractual requirements and may fall outside this range.
  • View information about benefits and our total rewards program.

Similar Jobs