Position Description
The SOC operations engineer will be responsible for monitoring, controlling and troubleshooting the security and vulnerability posture of the deployed SBInet system and of the SOC system itself. This system is made up of numerous components, including various operating systems, software applications, computing devices, network devices, communications equipment and sensors. The SOC operations engineer will provide full-time security management oversight and execution to support the 24x7x365 SBInet Security Operations Center (SOC) through shift work (days, swings, and nights). The security operations engineer must be self-managed and ready to respond to security technical issues, risks and vulnerabilities in near real time as events occur. He or she will perform security-related administrative tasks, control security configurations, monitor system security, and troubleshoot security management health and issues within the automated systems throughout the course of a typical day. The position requires expert knowledge of program security requirements, access control, OS security, trusted operating systems, authentication, and DB security. The security operations engineer will ensure that security systems, devices, equipment and communications remain up and online. He or she will process security-related support requests, handle password reset requests, and provide proactive management of administrative accounts to ensure access thresholds are maintained. He or she will also monitor security audit trails and run periodic security reports for various HW and SW. He or she will perform security checks for servers, workstations, and other site equipment, as appropriate. He or she will test and deploy anti-virus and anti-spyware definition updates to the system, and perform proactive maintenance resulting from vulnerability reports received from CBP and DHS security.
He or she will work closely with the NOC's network operations engineers to ensure the health and security of the network system and other equipment. The SOC security operations engineer will perform security management functions on remote customer equipment, respond to security incidents, and work closely with customers on the phone. This engineer shall also provide support to a call center at the NOC/SOC to receive security incident reports.
Competencies
General

Communication
Clarifies purpose and importance; stresses major points; follows a logical sequence. Keeps the audience engaged through use of techniques such as analogies, illustrations, humor, an appealing style, body language, and voice inflection. Frames the message in line with audience experience, background, and expectations; uses terms, examples, and analogies that are meaningful to the audience. Seeks input from the audience; checks understanding; presents the message in different ways to enhance understanding. Uses syntax, pace, volume, diction, and mechanics appropriate to the media being used. Accurately interprets messages from others and responds appropriately.

Initiating Action
Takes immediate action when confronted with a problem or when made aware of a situation in own or other work area. Implements new ideas or potential solutions without prompting; does not wait for others to take action or to request action. Takes action that goes beyond job requirements in order to achieve objectives.

Systems Thinking
Evaluates job tasks and processes on how well they help meet team objective(s); identifies non-value-adding components and barriers. Formulates change strategies; seeks input from others to evaluate options for change and encourage buy-in. Makes appropriate changes to job/role structures and processes by communicating effectively and focusing on new skill development. Uses accurate measurement systems to monitor the implementation.

Technical

Analytical Skills
Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources at the department level.

Government Security Regulations
Complete knowledge of government security regulations (e.g., National Industrial Security Program Operating Manual [NISPOM], International Traffic in Arms Regulations [ITAR], Export Administration Regulations [EAR]).

Information Protection
Complete knowledge of security architecture, electronic data communications, network/data security, electronic commerce, and other related areas in order to provide computing security and integration services to company computer users and customers. Interfaces with the appropriate government agencies, customers, suppliers, and company personnel in order to facilitate implementation of protective mechanisms and to ensure understanding of and compliance with computing security requirements.

Information Technology Fluency
Complete ability in the use of personal computing hardware and software to enter project information such as statements of work, resource identification and usage, task status, cost estimating and tracking, etc. Complete knowledge of processes and tools to maintain, archive, and retrieve digital files. Complete ability in constructing/building and providing reports and presentation material as needed for assigned projects. Complete knowledge of identifying and gaining approval of testing of established applications to meet project requirements.
Other Job-Related Information
The candidate must be familiar with the DHS and CBP standards guiding IA policy, requirements and integration as described in NIST 800-53 and the DHS 4300 security policies, or the corresponding DoD standards and guidelines. Must be knowledgeable of ISS theory and applications (e.g., security architectures, data communications, network security, protection of sensitive data, etc.). Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume. Should also be experienced with the requirements outlined within CBP 1400-05L and with Federal Information Security Management Act (FISMA) computing security implementation. CISSP experience is preferred. Must be willing to work the SOC on rotating shifts (days, swings, and nights) on a 7x24x365 schedule, and must possess strong analytical and problem-solving skills. He or she must also be able to monitor and respond appropriately to the automated systems that track the security status of servers and associated network and workstation equipment. Must have a full understanding of Nessus, Cisco, MS Windows security methods, ADC, NDS, and security monitoring applications, and possess excellent attention to detail. Effective communication and interpersonal skills and a customer focus are also required.
The individual should have Security Operations Center operations knowledge/experience.

Representative SW on site:
Linux (Red Hat)
MS Windows
Cisco Security Agent (host intrusion detection)
Cisco IOS with IDS/IPS feature set (network intrusion detection)
Nessus (vulnerability scanning)
SSH (configuring network devices)
Tivoli Provisioning Manager (provisioning hosts)
MS Certificate Authority integrated into AD (PKI/certificate security)
Netcool OMNIbus (event message filtering)

Other SW used: Oracle, MARS, Remedy, ArcSight, AppCritical, Opsware.

Requires a candidate with a DoD TOP SECRET, SCI or higher clearance, the ability to pass an LE background check, and 2-3 years of experience with information security and intrusion detection SW. A Bachelor's degree in information systems, information security, computer science or a similar technology discipline is preferred, but demonstrable equivalent certifications or experience may be substituted. This position requires 2-3 years of network and system administration experience, a working knowledge of security issues and countermeasures, and an excellent set of communication and interpersonal skills. Previous work in a 7x24x365 environment and a college degree are a plus (highly desirable).