Cybersecurity Engineer (Linux)

About The Position

Requirements

• BA/BS Degree or equivalent experience in lieu of degree
• 8+ years of related experience
• Ability to use security operations of Splunk and Trelix.
• Ability to update security applications, such as Splunk and Trelix.
• Ability to harden the system using STIGs.
• Ability to update the underlying security tools Linux operating system.
• Knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
• Must be DoD 8140 / 8570.01-M compliant (e.g., including but not limited to Security+)
• Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility).
• US Citizenship Required

Nice To Haves

• Hands-on experience with security operations of Teramind.
• Hands-on experience with Tenable.sc.

Responsibilities

• Supports maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring.
• Supports control implementation statement updates, documentation development for plans or procedures, artifact identification for assessments, and body of evidence generation.
• Supports POAM mitigation and/or remediation activities.
• Ability to update and maintain security tool versions (Splunk, Trelix, etc)
• Configure, patch, and update the Linux operating systems
• Monitors the following security applications: Splunk, Trelix, Tenable)
• Scanning implementation (Tenable.sc, SCC Tool)
• SIEM implementation (Splunk)
• Endpoint security implementation (Trellix)
• Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g., for Tenable plugins), etc.
• Ensure security systems are up to date and implemented.
• Validate the telemetry from the hosts and security applications are forwarded to the SIEM.
• Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories.
• Triages all alerts from the SIEM to ensure activity in the environment is authorized.
• Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan.
• Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate.
• Reviews the scans to confirm correct, actionable data is generated to support the patching activities.
• Reviews STIG results and supports the team in implementing corrective action as applicable.
• Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied.
• Triages all alerts from the tool to ensure activity in the environment is authorized.
• Ensures deployment of tool and related modules are performing as intended.
• Monitors aggregate user data as directed.
• Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.