Education:

• Bachelor’s degree from an accredited college or university in one or more of the following disciplines or equivalent (documented formal training): computer science, information systems analysis, science/technology, information management, computer engineering, or electrical/electronic engineering or equivalent combination of education and work experience

Basic Qualifications:

• ACTIVE Secret security clearance (position may require upgrade to Top Secret clearance)
• 6 years of Information System Security, security engineering and integration computer forensics, insider threat, or SPAA experience.
• 3 years demonstrated experience performing architecting, engineering, integrating, developing and/or deploying information technology products (hardware and software) in an enterprise environment.
• 3 years of experience with the software development lifecycle and integration of security tools.
• 6 years of experience using some/all of the following tools: SourceFire, ArcSight, Splunk, NetWitness, Guidance Software, Digital Guardian, Raytheon (SureView), NMAP, Metasploit, Request Tracker, Nagios, Intelliview, Nessus, and Foundstone

Job Duties:

• Engineers, architects, implements, deploys, maintains, and administers security products and tools.
• Conducts research, evaluates, and makes recommendations on emerging technology.
• Conduct cyber assessment activities including threat modeling, analysis and analysis of mitigation solutions.
• Coordinate and address supply chain management concerns.
• Coordinate with system architects and developers to provide oversight in the development of solutions and integration of security tools.
• Conduct security testing and evaluation during the development and release
• process for security tools and hardware (virtual or physical)
• Reviews, and interprets Federal guidelines and policies, and industry standard best practices.
• Provides subject matter expertise, support, leadership, and training.
• Provides support on all information security activities at the program level including policy development, compliance inspections, audits, reviews and communications security.
• Provides support and works on the development phases of information security systems development lifecycle.
• Evaluates, and supports the documentation, validation, and SPAA processes, necessary to meet the organization’s IA requirements; and ensures compliance from internal and external perspectives.
• Conducts assessments of threats and vulnerabilities pertaining to security tools and architecture, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
• Documents incident correlation requirements, selects incident correlation engines and recommends configuration guidelines. Performs analysis to determine the optimum configuration of network and host sensors.
• Conducts the integration/testing, operations, and maintenance of systems security.
• This analysis includes traffic load analysis, performance impacts of monitoring, determination of potential attack characteristics based on mission and infrastructure, and determination of site- specific data collection requirements
• Provides system operation support, administers hardware and software inventory, and oversees administration of a laboratory environment.
• Analyzes and recommends resolution of information security problems based on knowledge of the major information security products and services, an understanding of their limitations, and a working knowledge of the disciplines of information security.
• Conducts research and develops security policies relevant to client environment and analyzes outside security information for relevance to DEA.
• Installs, and upgrade computer hardware and operating systems (Windows, and
• UNIX) in an enterprise environment.
• Additionally, engineers are expected to be able to perform the duties of the cybersecurity analyst positions as requested by the COR/GPM.

Preferred Qualifications:

• Top Secret security clearance
• Master’s degree in computer science, information systems analysis, science/technology, information management, computer engineering, or electrical/electronic engineering or equivalent combination of education and work experience
• Any combination of security engineering experience in the following areas. Qualys, Splunk (CORE, UBA, ES), Tenable SC, Digital Guardian or like UAM tools, VMware (ESXi, vSphere, etc.), Nagios, Science Logic, EDR platforms (Counter Tack, CrowdStrike, FireEye), Intelliview, Networking, Infrastructure and Architectural experience, Linux, Vectra, NAS/SAN (NetApp, EMC), Cisco Fire Power, and the ability to learn new tools and suites of products.