Vacancy expired!
- Configure scans to cover all devices in the client environment
- Perform both credentialed and un-credentialed scans in accordance with agency security policies and standards
- Identify software installed on scanned systems with known vulnerabilities
- Perform targeted scanning to identify specific vulnerabilities within the client's environment
- Identify rogue devices after each scan and notify client IT Operations and applicable service providers at least monthly – rogue devices are devices that appear in scan results but are not identified as legitimate assets in the client environment
- Notify client IT Operations and applicable service providers of any identified vulnerabilities and misconfigurations in a method determined by client
- Advise client IT Operations and applicable service providers on methods to reduce vulnerabilities and misconfigurations.
- Advise client IT Operations and applicable service providers on refining the client's patching process so that scan results reach the operational teams responsible for mitigating or remediating vulnerabilities and misconfigurations in accordance with agency policy
- Coordinate with the team members building configuration baselines
- Administer the Tenable application, including coordinating patching with the operational team
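The rogue-device rule above (a device that shows up in scan results but is not a known asset) is, in practice, an inventory diff. The following is an added example written for this page, not code from Tenable, the client, or the staff augmentation provider, showing one way to perform that diff: hosts are matched on a normalised MAC address first, fall back to an IP-only match (flagged as weak, since DHCP and routed scans make IPs unreliable), and anything else is reported as rogue, including a known IP answered by a different MAC. The `Host` class, `find_rogue_devices` function, and all addresses, MACs and host names are constructed assumptions of the example; a real run would load the scan export and the asset inventory in their place.

```python
"""Rogue-device identification by diffing scan results against the asset inventory.

Added illustration, not the page's or any vendor's code. All sample data below is
constructed; Host/RogueReport/find_rogue_devices are names chosen for this example.
"""
from dataclasses import dataclass
import ipaddress
import re
from typing import Optional


@dataclass(frozen=True)
class Host:
    ip: str
    mac: Optional[str] = None       # may be missing for routed (non-local) scans
    hostname: Optional[str] = None


@dataclass
class RogueReport:
    confirmed: list      # scanned hosts matched to inventory by MAC
    weak_matches: list   # matched by IP only; needs manual review
    rogue: list          # scanned hosts with no legitimate inventory match


_NON_HEX = re.compile(r"[^0-9a-f]")


def normalize_mac(mac: Optional[str]) -> Optional[str]:
    """Canonicalise 00-1A-2B-3C-4D-5E / 001a.2b3c.4d5e / ... to aa:bb:cc:dd:ee:ff.

    Returns None for an absent or malformed MAC so callers treat it as unknown.
    """
    if not mac:
        return None
    digits = _NON_HEX.sub("", mac.lower())
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_rogue_devices(scanned, inventory) -> RogueReport:
    """Classify every scanned host against the asset inventory."""
    by_mac = {}
    by_ip = {}
    for asset in inventory:
        mac = normalize_mac(asset.mac)
        if mac:
            by_mac[mac] = asset
        by_ip[ipaddress.ip_address(asset.ip)] = asset

    report = RogueReport([], [], [])
    # Sort numerically by IP so the notification to IT Operations is stable.
    for host in sorted(scanned, key=lambda h: ipaddress.ip_address(h.ip)):
        mac = normalize_mac(host.mac)
        if mac and mac in by_mac:
            # Strong match: the MAC is a known asset, even if its IP changed (DHCP).
            report.confirmed.append(host)
            continue
        asset = by_ip.get(ipaddress.ip_address(host.ip))
        if asset is None:
            # Neither MAC nor IP is known to the inventory.
            report.rogue.append(host)
        elif mac and normalize_mac(asset.mac):
            # IP is known but a different MAC answered: possible address takeover.
            report.rogue.append(host)
        else:
            # IP is known but one side has no MAC to compare; weak evidence only.
            report.weak_matches.append(host)
    return report


# Constructed asset inventory (hypothetical hosts, not a real environment).
INVENTORY = [
    Host("10.0.1.10", "00:1A:2B:3C:4D:5E", "web01"),
    Host("10.0.1.11", "001a.2b3c.4d60", "db01"),      # Cisco-style notation
    Host("10.0.1.12", None, "printer01"),             # inventory lacks a MAC
]

# Constructed scan results for the same environment.
SCANNED = [
    Host("10.0.1.200"),                               # unknown, no MAC
    Host("10.0.1.50", "de:ad:be:ef:00:01"),           # unknown device
    Host("10.0.1.10", "00-1a-2b-3c-4d-5e"),           # web01, different notation
    Host("10.0.1.11", "aa:bb:cc:dd:ee:ff"),           # db01's IP, foreign MAC
    Host("10.0.1.12"),                                # printer IP, no MAC either side
    Host("10.0.1.77", "00:1A:2B:3C:4D:60"),           # db01 moved to a new IP
]

if __name__ == "__main__":
    r = find_rogue_devices(SCANNED, INVENTORY)
    for label, hosts in (("ROGUE", r.rogue), ("REVIEW", r.weak_matches), ("OK", r.confirmed)):
        for h in hosts:
            print(f"{label:6} {h.ip:15} {normalize_mac(h.mac) or '-'}")
```

The weak-match bucket is the important design choice: an IP-only correlation is not proof of legitimacy, so it is reported for review rather than silently accepted, while a known IP answered by an unexpected MAC is escalated as rogue rather than trusted because the address is in the inventory.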
- Client has two (2) endpoint protection solutions that require full-time staff to support their operation and management. The Staff Augmentation provider will provide a minimum of one (1) Tier 3 engineer to support the following functions:
  - Management and administration of the EDR tools (currently Microsoft Defender for Endpoint and Cisco Secure Endpoint)
  - Vendor updates to the tools
  - Reporting
- The Managed Secure Network Analytics Service is a security service, running on client-provided hardware, that enables network visibility, monitoring and alerting. As traffic passes through key network devices such as firewalls, routers and switches, or is mirrored by SPAN or TAP ports, NetFlow records can be generated and sent to Secure Network Analytics. This gives the client visibility of both North-South and East-West traffic. The client can define its own security policies and tailor the Secure Network Analytics alerts to match expected or unexpected network traffic. The service supports the creation and monitoring of alerts, policies, and host groups. Additionally, the Managed Secure Network Analytics Service performs four critical activities for the client:
  - Performance and health monitoring – ensuring that the monitored device is operating as expected (e.g., up/down status), and tracking system resource utilization (e.g., CPU, memory) and environmental indicators (e.g., temperature, power) as available through the specific management tool.
  - Alerts/notifications – providing alerts or notifications to the designated client point of contact or group for any variance from the specified norms for performance or system health, and for security-related alerts as defined by the client's security policy.
  - Move/Add/Change/Delete (MACD) – performing changes to the configuration of the Secure Network Analytics management system, as directed by the client.
  - Patch and update installation – ensuring that the Secure Network Analytics system is kept at the current software release (version N) or the current stable release (version N-1).
- The Staff Augmentation provider will provide a minimum of two (2) dedicated SIEM engineers to manage the Microsoft Sentinel (formerly Azure Sentinel) SIEM solution, including:
  - Content management
  - Updates to correlations and alerting rules, and customization of dashboards, views, and reports
- 8 years of deployment and configuration of network security monitoring and incident response tools (EDR, scanners, SIEM, NetFlow, etc.)
- 8 years of administration of network security monitoring and incident response tools (EDR, scanners, SIEM, NetFlow, etc.)
- 8 years of participation and experience in intrusion detection and incident response activities
- 8 years of effective, professional business communication and reporting
- 8 years of experience with the Cisco security suite of tools
- 8 years of experience with Microsoft EDR tools
- 8 years of experience with Microsoft Sentinel
- 8 years of experience with the Tenable suite of tools