Actionet, Washington, DC 20001
The Security Cyber Operations Lead will assist the Department of Transportation ITSS Common Operating Environment (COE) in the management, maintenance, and maturing of Cybersecurity Operations. Specific duties include but aren't limited to:
Provide day-to-day guidance to cyber security teams on Security threats, vulnerabilities, incident handling, remediation and advice for long term sustainable improvements/countermeasures.
Assess and report the effectiveness of storage, network, server, desktop, software, and application configurations with respect to security vulnerabilities and deviations from standards.
Report and communicate security scanning vulnerability results and work cross-functionally with storage, network, server, software and application engineers to assess risk level, develop, and recommend appropriate vulnerability remediation measures.
Serve as liaison with DOT's Security Operations Center (SOC) and DOT IT Services for all COE cyber security related incidents.
Analyze, design, and develop security requirements and features for system architectures of cloud infrastructure, servers, and personal computers.
Ensure the team has 24/7 on-call rotation availability for security operations remediation services.
Create, update and maintain design, architecture, data profiles, licenses, support agreements, standard operating procedures, work instructions, and knowledge articles.
Required Job Experience:
8+ years of hands-on experience in security operations, vulnerability assessment, remediation, incident detection and response, malware analysis, and/or cyber forensics.
5+ years of experience leading and managing security operations for a large organization, including in-house security engineers or a 24x7 NOC/SOC.
8+ years of hands-on experience administering or managing one or more operating systems (Windows, Linux, AIX, UNIX, etc.) and server hardening processes.
5+ years of hands-on experience in maintaining and using Symantec Endpoint Protection tool.
Senior level knowledge of wireless networking and associated security protocols.
Strong understanding of both security and network fundamentals and protocols (e.g. IDS/IPS, vulnerability scanning, monitoring and prioritization, TCP/IP, routing, firewalls, Security Information and Event Management [SIEM], web content filtering, etc.).
Familiarity with developing and implementing monitoring capabilities, including Continuous Diagnostics and Mitigation (CDM), for on-premises and cloud service provider infrastructure (e.g. Azure).
Skilled in conducting vulnerability scans and recognizing vulnerabilities.
Identify systemic security issues based on analysis of vulnerability and configuration data.
Serve as a highly cohesive team member and a change agent while serving as a consultant.
Experience using SolarWinds, Tenable Security Center, Trend Micro, BigFix, and IronPort security tools preferred.
Required Clearance: Public Trust (or obtain)
Bachelor's or Master's degree (or industry-equivalent experience).
Preferred Certifications: CISSP, GIAC Penetration Testing Certification (GPEN, GWAPT, GCTI), OSCP, CEH, etc.
NOC/SOC, CDM, Public Trust, DOT