Network Auditing Support Tasks
Location: Dayton, Ohio, United States
Requisition Number: 4169
Dayton, OH, USA • Wright-Patterson AFB, OH, USA Req #4169
Monday, September 27, 2021
All Native Group is seeking an SC Network Auditing Support Tasks to provide system support to the United States Space Force in Dayton, Ohio. All Native Group is in an active bidding process for this position. Employment is contingent upon All Native Group being awarded the contract.
• Work with the Cybersecurity personnel to install, configure, and deploy Elastic Stack across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.
• Develop and document procedures/policies in order for NASIC to be compliant with Auditing guidance such as ICS 500-27 (Collection and Sharing of Audit Data). Provide technical support for any possible investigations and inquiries which may result from any misuse of information resources.
• Maintain and expand (as necessary) NASIC's auditing solution (currently Elasticsearch, Logstash, Beats, and Kibana) across NASIC's Cornerstone Networks, in support of the IC and AF auditing requirements.
• Utilize Security Information and Event Management (SIEM) software products, such as the Elastic Stack, to create custom queries, searches, alerts, and dashboards.
• Identify and evaluate anomalous and suspicious system and network activity, detect and assess network intrusions and malware behavior by incorporating, monitoring, and analyzing event logs across numerous device types (TCP/IP, packet analysis, Windows logs, syslogs)
• Utilize SIEM information with other tools such as ACAS, HBSS, SolarWinds, and Palo Alto.
• Identify coverage and efficiency gaps in security data and tooling.
• Notify Government Technical Monitor (GTM) of network intrusions and suspicious and anomalous events, and provide details as required within 1 business day of detection
• Provide detailed operating process and training for items related to network monitoring
• Participate in incident response and manage escalations as needed
• Monitor metrics, and trend data related to network monitoring
• Provide monthly functional area reports summarizing work accomplished, work planned for the next month, and important issues occurring during the month
None required for this position
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
• Must be able to remain in a stationary position 75% of the time.
• Occasionally moves about inside the office to access file cabinets, office machinery, etc.
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
• Expresses or exchanges ideas by means of the spoken word. Those activities in which they must convey detailed or important spoken instructions to other workers accurately, loudly or quickly.
• Frequently moves standard office equipment up to 25 pounds.
• Must be able to work in indoor conditions 90% of the time.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.
Position Type/Expected Hours of Work
This is a full-time position. Typical days and hours of work are Monday through Friday, 8:00 a.m. to 5:00 p.m. Evening and weekend hours required, as required by business need.
Travel is primarily local during the business day, although some out of the area travel and overnight may be expected.
• 3+ years of experience operating or maintaining a SIEM solution such as the Elastic Stack, ArcSight, or Splunk
• Bachelor's Degree with diploma from an accredited educational institution; Graduate Diploma from a technical or vocational school or have acquired equivalent military training with certifications.
Additional Eligibility Qualifications
• Baseline certifications for IAM I include: CAP, or CND, or Cloud+, or GSLC, or Security+ CE.
Must possess or be able to obtain/maintain a TS/SCI security clearance
All Native Group is an equal opportunity employer. All applicants are considered without regard to age, sex, race, national origin, religion, marital status or physical disability. However, preference may be extended to persons of Indian descent in accordance with applicable laws.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
- Job Family IT / Cyber Security / Network Systems
- Pay Type Salary