Senior Cybersecurity Engineer (Trelix)

About The Position

Requirements

• 8+ years of related experience
• Ability to use security operations of Trelix.
• Ability to update security applications, such as Trelix.
• Experience patching and updating LINUX (or RHEL or Red Hat)
• Ability to harden the system using STIGs.
• Ability to update the underlying security tools Linux operating system.
• Knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
• Must be DoD 8140 / 8570.01-M compliant (e.g., including but not limited to Security+)
• Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility).

Nice To Haves

• Hands-on experience with security operations of Splunk.
• Hands-on experience with Tenable.sc.

Responsibilities

• Supports maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring.
• Supports control implementation statement updates, documentation development for plans or procedures, artifact identification for assessments, and body of evidence generation.
• Supports POAM mitigation and/or remediation activities.
• Update and maintain security tool versions (Trelix, etc)
• Configure, patch, and update the Linux operating systems
• Monitors the security applications such as Trelix Scanning implementation (Tenable.sc, SCC Tool)
• SIEM implementation (Splunk)
• Endpoint security implementation (Trellix)
• Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g., for Tenable plugins), etc.
• Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied.
• Triages all alerts from the tool to ensure activity in the environment is authorized.
• Ensures deployment of tool and related modules are performing as intended.
• Monitors aggregate user data as directed.
• Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.
• Ensure security systems are up to date and implemented.
• Validate the telemetry from the hosts and security applications are forwarded to the SIEM.
• Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories.
• Triages all alerts from the SIEM to ensure activity in the environment is authorized.
• Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan.
• Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate.
• Reviews the scans to confirm correct, actionable data is generated to support the patching activities.
• Reviews STIG results and supports the team in implementing corrective action as applicable.

Benefits

• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance