Full Job Description
ECS is seeking a Cybersecurity Engineer - SIEM Engineer to work in our Fairfax, VA office.
Develop new SIEM content including correlation rules, dashboards, reports, and alerts that appropriately characterize the importance of events of interest found in multiple environments
Develop metrics and trends that demonstrate the log platform's health and operational state
Participate in information security audits, ensuring technical compliance with related regulatory requirements (e.g., PCI, ISO)
Define, document, and implement appropriate delivery, parsing, reporting, and retention of security-relevant log information.
Assist users of the SIEM in real-time investigation and analysis.
Research and document security best practices to continually improve the deployment and use of the SIEM.
Maintain the health, performance, stabilization, tuning and ongoing planning of the SIEM platform.
Support the SIEM, SOAR, and UEBA platforms and participate in on-call rotation
Work with other teams in the integration of security tools with the SIEM.
Bachelor’s degree in a computer-related field. In lieu of a bachelor’s degree, at least three (3) years of IT security experience is required.
Prior experience of two (3) or more years within an Information Security consulting, analysis or management role where SIEMs/SEMs and other log analysis technologies were principal technologies actively used.
Detailed understanding of the TCP and IP protocol suites and ability to dissect and explain the contents of traffic and packets.
Ability to multi-task in a deadline-oriented environment
Demonstrated ability to work well independently with little input, and as a part of a team
Experience with configuration of debug, event generation and logging functionality within application and operating systems, using Syslog or flat file generation.
Experience with SOAR applications, especially Swimlane.
Hands-on experience with Linux administration
Security experience with cloud technologies (Azure, AWS)
Experience with McAfee ESM, Elastic SIEM or Azure Sentinel
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.