GuidePoint Security - Springfield, VA

posted 2 months ago

Full-time - Mid Level
Remote - Springfield, VA
501-1,000 employees
Publishing Industries

About the position

The Cybersecurity Operations Specialist role at GuidePoint Security involves providing cybersecurity data analysis services, focusing on the management and maintenance of Security Information and Event Management (SIEM) systems. The position requires an active Top Secret/SCI clearance and is 100% onsite, primarily located in Saint Louis, MO or Springfield, VA. The specialist will be responsible for ensuring the reliability and security of SIEM systems, performing maintenance, and integrating various cybersecurity tools to enhance operational effectiveness.

Responsibilities

  • Provide preventative and corrective maintenance to ensure consistent, reliable, and secure service availability.
  • Maintain system availability and reliability with required SLA.
  • Detect and ticket degradations of all SIEM data flows within required SLA.
  • Perform day-to-day maintenance and specific scheduled maintenance activities according to agency approved change management processes.
  • Execute emergency maintenance actions to prevent unacceptable outage durations.
  • Perform all development, engineering, testing, integration, and implementation actions necessary for major vendor revisions.
  • Conduct continuous engineering assessments to improve service performance and effectiveness.
  • Configure all assets assigned to the service in accordance with Federal, DoD, IC, and NGA laws and policies.
  • Utilize agency approved ticketing systems to document and coordinate all actions related to engineering and maintenance.
  • Use monitoring, analysis, and visualization tools to track effectiveness and performance metrics.

Requirements

  • Mid-level to advanced Linux administration experience (RHEL preferred).
  • Experience with SIEM tools such as ArcSight, ElasticSearch, Splunk, Event Broker, and User Behavioral Analysis (UBA).
  • Ability to create alerting rules and manipulate SIEM filters to analyze potential malicious activity.
  • Skilled in troubleshooting event flow through an Enterprise Audit infrastructure.
  • Active TS/SCI Clearance.
  • DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications.
  • Experience with SIEM and Development Projects.

Nice-to-haves

  • Experience with Kibana and Cribl.
  • Experience developing and maintaining enterprise audit projects.
  • Creation of ArcSight rules based on use cases of malicious events.
  • Experience with content development within ArcSight and Kibana.

Benefits

  • 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) with 75% employer-paid family contributions.
  • 100% employer-paid dental premiums (employee only) with 75% employer-paid family contributions.
  • 12 corporate holidays and a Flexible Time Off (FTO) program.
  • Healthy mobile phone and home internet allowance.
  • Eligibility for retirement plan after 2 months at open enrollment.
  • Pet Benefit Option.