Arlington, VA

Security Engineer with Security Clearance

Responsibilities

* Responsibilities include, but are not limited to, the duties listed below, as outlined in the contract statement of work.
* Provides engineering support for the security monitoring of USMS P30 enterprise systems and the maintenance of enterprise security monitoring tools. Supports SOC activities by maintaining the configuration of security monitoring tools, including the duties that follow.
* Advises USMS senior leadership on monitoring and maintaining a high security posture throughout the enterprise. Researches security products that align with mission objectives, and upgrades and updates security applications on air-gapped/closed networks.
* Plans and implements/integrates new technology into existing infrastructure, analyzes hardware and software requirements for product procurement, prepares technical and functional documentation for existing or proposed security infrastructure, and automates security functions and data collection using object-oriented programming.
* Aggregates and correlates log data from operating systems, databases, and applications. Monitors for errors, sets thresholds for expected activity in applications and databases, and alerts on specified deviations. Monitors the regulatory compliance controls implemented on endpoints to detect insider threat, alerting on unusual network activity and data movement.
* Creates policies and rules for monitoring endpoints for malicious activity, ensuring only approved hardware is used at the endpoint. Detects, investigates, and mitigates suspicious activities and behavior. Provides visibility into and auditing of potentially unsecured data, stops sensitive data from leaving the network, and prevents data loss by securing endpoints.
* Proactively works to identify advanced persistent threats and malware using artificial intelligence and machine learning before they can execute. Maintains and monitors endpoints for suspect and unsafe files on disk and in memory. Performs threat analysis to determine whether suspect files are malicious. Analyzes hashes identified as suspect and determines whether the files are benign or malicious.
* Centrally manages enterprise-level database activity, including vulnerability assessment functionality.
* Utilizes the following cyber tools: Splunk Enterprise Security, Q-Audit ICS-500-27 Splunk application, Tenable Nessus Security Center, Cylance, Sentry (Insider Threat Tool), AppDetective.

Qualifications

* Top Secret clearance required
* Bachelor's degree (or significant equivalent experience)
* 8 years of experience working with enterprise IT systems, of which a minimum of 5 years includes support to classified system operations
* Must possess certification(s) in CISSP, CISA, CISM, or vendor-specific certifications
* Must be able to function resourcefully and independently and work with a diverse team of IA/cybersecurity practitioners
* Strong written and verbal communication skills required
* Experience working within DOJ Offices, Boards, and Divisions (OBDs), with an understanding of unique organizational security policies and security control implementations within specific IT environments, is desired

Recommended Skills

  • Artificial Intelligence
  • Auditing
  • Certified Information Security Manager
  • Certified Information Systems Security Professional
  • Communication
  • Data Collection