The Security Information and Event Management (SIEM) Content Lead
CLEARANCE: DoD SECRET
The Security Information and Event Management (SIEM) Content Lead supports a Civilian Agency Cyber Security Operations Center (SOC) organization protecting the network security of tens of thousands of users. The work site is located in Leesburg, Virginia.
The SIEM Content Lead is a member of the SOC Operations and Support Branch. The primary focus of the Branch is to research new COTS security tools, develop implementation plans and execute installations and upgrades, and maintain specific applications and their hardware in support of operational needs.
The SIEM Content Lead is required to support the following:
• Develop content for the enterprise SIEM application, combining big data security information collection, management, and analytics capabilities with full network and log-based visibility and automated threat intelligence from commercial vendors and other government agencies.
• Develop and upgrade dashboards, channels, filters, rules, and reports, as needed.
• Integrate threat intelligence.
• Maintain and upgrade the application to the current (supported) version.
• Patch and update application software as needed.
• Maintain version control and document all changes.
• Develop processes for application use by all ArcSight users.
• Must be able to troubleshoot and install all components on the Red Hat Linux platform.
• Any other duties as requested by the Contracting Officer Representative and SOC management.
Qualities/Additional info: The SIEM Content Lead must provide coverage and maintain a presence in the SOC eight (8) hours per day, five (5) days per week, Monday-Friday, between the hours of 0500 and 0000 (EST/EDT). Backfill of an absent Security Information and Event Management Content Lead is required for all periods of scheduled and unscheduled leave. The SIEM Content Lead should be a certified ArcSight Administrator and a proven team player with excellent oral and written communication skills and a fine attention to detail. He/she should also be a self-starter, capable of working on projects independently if required. Extremely effective oral and written communication skills are a must, in order to present strategy, architecture and status information to the client in both formal and informal review settings. Frequent interaction with the government client is required. Occasional local travel: infrequent (<5%) local travel and infrequent (<5%) long-distance travel.
Required Education and Experience:
- Bachelor's degree in Computer Science or Information Systems.
- Minimum ten (10) years of relevant professional experience.
- In addition to the required education or equivalent experience:
- Minimum six (6) years of IT experience.
- Must have at least four (4) years of experience in the role of ArcSight Content development.
- Must be familiar with both Windows OS and Red Hat Linux for troubleshooting and installation.
- Experience with business process reengineering, capability maturity model, change management, or process improvement; and experience with information security devices (e.g., firewalls and intrusion detection/prevention systems) and applications (e.g., Security Information and Event Management systems).
- Previous experience as a cyber threat analyst and/or intrusion detection analyst is desirable.
Level of Clearance Required: Department of Defense Secret
US Citizenship Required: Yes No
PLEASE SUBMIT RESUME IN MICROSOFT WORD FORMAT TO: