Capgemini Government Solutions (CGS) LLC is seeking a highly motivated Security Engineer to join our Cyber Security team to support our clients' cyber requirements, and a new requirement for our customers. They provide full cooperation to the appropriate teams for participating in cyber investigations. If you are passionate about working in a highly collaborative Cyber environment, we want to hear from you. The successful candidate will have the opportunity to apply and grow their skillset in, work with a motivated and entrepreneurial team, engage with a wide range of stakeholders, and build CGS capabilities.
As a Lead Security Engineer, you will:
- Monitor the security tools (including but not limited to a SIEM-based solution, IPS/IDS, Firewall, Anti-Malware, Endpoint Security, Web Application Firewall, etc.) to maintain situational awareness to satisfy the CEM 24x7 monitoring requirement.
- Proactively protect the client's environment.
- Look for unusual activity by reviewing all available information including (but not limited to) the above-referenced tools and investigate any unusual detected activity.
- Investigate all security alerts received by the CEM. Investigations will make use of all tools and log files possible. Investigations will determine if the alert is a false positive, a security event, an actual attack, and/or a security incident.
- Investigation will answer and report on the who, what, where, when, and how of the occurrence. Investigations will report on any actions taken to contain and/or remediate the situation and include any recommendations for further action. Investigations will include a historical summary of previous investigations of the same alert.
- Investigate anything requested by management or the CSO at their discretion. The investigation will be performed as described above.
- Provide cybersecurity root-cause analysis in support of any tickets for which it fails to meet the Acceptable Quality Levels (AQLs) specified in the Performance Requirement Summary (PRS). This root-cause analysis will include documenting recommendations for corrective action.
- Escalate any security incident (the confidentiality, integrity, or availability of any information or information asset is negatively impacted) to the Incident Response (IR) team. Further, the CEM analyst will enlist the assistance of IR for any situation that exceeds the skills of the CEM analyst / team, or that requires more manpower than is available to the CEM team.
- Perform a shift handoff at the end of every shift. The shift handoff will provide situational awareness to the incoming shift. The shift handoff will also instruct the incoming shift to continue/finish investigations, reports and other work that was not completed by the outgoing shift, and provide all details required for the incoming shift to easily pick up the work where it was left off. The shift handoff information will be recorded in the shift report in the format described in the shift report SOP.
- Will write and distribute reports, including but not limited to the Shift Report, the Daily Virus Report, the Daily Activities Report, Daily Shift Tracker, the Weekly Activities Report, the Blue Coat Report, Investigation Reports, etc., as described in their respective SOP, ad hoc - as the need arises, or as directed by management.
- Will write reports on investigations, other reports, emails or any other communications that use proper spelling and grammar, are easily understood, logically constructed, and complete to the point that no likely questions remain unanswered.
- Will process and complete tickets received from ServiceNow such as Non-Standard Software Requests, Unblock Requests, Lost and Stolen, etc., in the manner as described in their respective SOPs. Any ServiceNow tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
- Will process and complete tickets received from CDC Tracker. Any CDC Tracker tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
- Will investigate all reported suspicious emails and determine whether the email is malicious, non-malicious or legitimate. The CEM analyst will categorize and file reported email messages to support tracking and reporting activities. The CEM analyst will reply to the user who reported the suspicious email with a message reporting the determination and any recommendations.
- Will maintain their laptop and all software therein in a state of readiness necessary to support all activities required of the CEM analyst.
- Will read all email messages they receive and handle each as required by either responding, investigating, reporting, acknowledging, filing and categorizing for future reference, etc.
- Will attend all meetings and conference calls that may be required. The CEM analyst will take notes as appropriate and report pertinent information to the rest of the CDC as appropriate.
- Will update their timesheet daily and keep it current as of the close of that day.
- Will assist coworkers where necessary, including but not limited to onboarding, training, investigations, reports, etc.
- Will complete required periodic training such as Security Awareness Training, Privacy Training, Sexual Harassment Training, etc.
- Bachelor of Science in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area.
- Minimum of 1 year of experience in a Security Operations Center (SOC) environment; exceptions may apply based on other factors.
- 5+ years of experience in a Security Operations Center (SOC) environment.
- As needed (not often), provide after-hours and weekend support.
- Significant experience installing, configuring, and maintaining numerous security tools and technologies to include the following (and/or comparable) security technologies:
  - SIEM Splunk Enterprise Security (ES)
  - McAfee Network Security Manager (NSM) Intrusion Detection/Protection System (IDS/IPS) and associated sensors.
  - Imperva Web Application Firewall (WAF)
  - Symantec Endpoint Protection (SEP)
- Must =
- Security+ (Preferred)
- Network