Senior Security Information and Event Management (SIEM) Administrator

Company: Nimbis Services
Location: Bowie
Posted on: May 3, 2020

Job Description:

Nimbis Services, Inc. is still growing, and we are looking for a Senior Security Information and Event Management (SIEM) Administrator to work from our office in Bowie, MD. The Security Information and Event Management (SIEM) administrator serves as a member of the Information Assurance team. Support cross-functional team at Nimbis supporting the Air Force Research Laboratory Trusted Silicon Stratus Distributed Transition Environment (TSS-DTE). The SIEM administrator will support the Director of Information Assurance to ensure TSS-DTE AWS Gov Cloud environment software development life cycle (SDLC) engineering design, development, testing, and implementation complies with DoD Risk Management Framework (RMF) and FedRAMP certification goals. As the SIEM subject matter experts (SME), interact with DevSecOps and other Cybersecurity Engineering team members to gather data sources requirements, perform troubleshooting, and the creation of SIEM search queries and dashboards. Leverage industry-based best practices to ensure SIEM IA requirements integrate with the DevSecOps CICD automation, interoperability and scalability of the engineering cybersecurity solutions. SIEM administrator is responsible for recognizing and onboarding new data sources into SIEM, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. The SIEM administrator must have working experience working in a Linux environment, editing and maintaining SIEM configuration files and apps. The SIEM administrator maintains IAT Level IIIII certification in accordance with the provisions of DoD Directive 8570.01-M. The SIEM administrator will ensure that logs are collected from systems and devices across the architecture into Splunk for analysis. Assesses the impact of incidents and events to systems (critical, sensitive data) and provides direction to the system and network administrators. Will be responsible for creating and maintaining documentation to support the RMF accreditation process. Will also be responsible for writing DoD RMFFedRAMP plans identified in NIST SP 800-53, such as access control plan, configurations management plans, system security plans, incident response plans, access control, configurations, etc. The SIEM administrator will be required to interact with senior management, as necessary. Those authorized to work in the United States without sponsorship are encouraged to apply. Status is required for this position with potential clearance in the future. Primary Responsibilities bull Performs advanced analysis of log files, threat vector indicators, vulnerability analysis, external reports, and internal guidance to identify false-positive and actual positive events. bull Creates queries, dashboards, and visualizations to support customer requirements and monitoring of the SIEM deployment. Assists the incident response team in investigating alerts along with opportunities to automate and tune response activities. bull Provides recommendations with network and system administrators to ensure audit configurations are optimized to meet Cyber requirements. Coordinates with network administrators to tune IDSIPS devices. bull Identify and integrate internal and external data sources, perform analysis of data trends, create queries and maintain SIEM dashboards. bull Conducts cybersecurity engineering by generating recommendations, designing, implementing, and transitioning solutions to improve cybersecurity posture, allow for mission assurance, and comply with all DoD policies. bull Gather artifacts and conduct Application assessment to support DoD RMF and FedRamp certification bull Support system integration, system evaluation and analysis, site surveys, verification and validation, cost and risk, and supportability and effectiveness analyses for total systems and architectures. bull Conduct advanced research and analysis of current systems to develop strategic implementation plans and designs, document and mitigate risks as well as lessons learned, and provide regular updates. Required Qualifications bull Bachelorrsquos Degree or equivalent number of yearsrsquo experience. bull 2+ years of information security experience, ideally with a focus on cloud solutions bull 4+ years of experience in a senior SIEM role bull 3+ Years of experience in Linux and SQLODBC interfaces bull Possess a clear understanding of security protocols and standards and has experience with software security architectures. bull Experience writing DoD RMFFedRAMP cloud certification artifactsdocumentation identified in NIST 800-53 security control family, e.g. System security plans, incident response plans, access control plans, configurations management plans, etc. bull Ability to clearly and concisely document Standard Operating Procedures and procedures. Preferred Qualifications bull Experience with cybersecurity systems design and operations in multi-enclave cloud environments. bull Utilizing SIEM for Big-Data bull Working experience with DoD IA Specific technologiessolutions HBSS, ACASNessus, McAfee EndPoint, LogRhythm, SolarWinds, Splunk, SCCM, Active Directory, Desktop EndPoint Solutions, and Identify Management (Okta) bull Working knowledge of DevSecOps methodology Certifications Preferred bull Splunk Enterprise Administrator bull Splunk Core Power User bull DoD 8570 IAT IIIAM II Level Certification (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CEH, CAP, CISSP or higher) bull ITIL Foundations or Intermediate Certificates bull Systems Cybersecurity Engineering Certificates bull Agile, LeanSix Sigma ndash Green Belt

Keywords: Nimbis Services, Bowie , Senior Security Information and Event Management (SIEM) Administrator, Executive , Bowie, Maryland