Job ID: NC-528899 (98090503)
Network Security Architect (CEH/GCIA/GCIH) with SIEM, Intrusion Detection/Prevention, vulnerability assessment, packet analysis, malware, Forensics, signatures and incident management experience
Location: 3700 Wake Forest Road, Raleigh, NC (NCDIT)
Duration: 12 months
Skill Required / Desired Amount of Experience
Enterprise level experience with SIEM Technologies Required 3 Years
Enterprise level Network Security/Architecture experience Required 3 Years
Enterprise level Intrusion Detection/Prevention experience Required 3 Years
Experience preserving evidence integrity/forensics in enterprise environments Required 3 Years
Proven experience recognizing and categorizing types of vulnerabilities and associated attacks in enterprise environments Required 3 Years
Packet analysis experience Required 3 Years
Identify, capture, contain and report malware in enterprise environments Required 3 Years
Enterprise experience preserving evidence integrity/Forensics Highly desired 3 Years
Enterprise experience developing and deploying signatures Highly desired 3 Years
CEH, GCIH, GCIA or equivalent certification Highly desired
This position reports to State Chief Risk Officer (SCRO) and supports the SCRO in ensuring compliance with Federal and State policies of the Department of Information Technology (DIT) State agencies. The candidate will support the Enterprise Security and Risk Management Office (ESRMO) Incident Response team and monitor networks and systems using various security boundary tools and capabilities for anomalous activities, triage and remediate as appropriate.
Duties and Responsibilities:
• Support/assist ESRMO with real-time monitoring and triage of incident received.
• Work collectively with other team members on incident analysis and response, and coordinate with external agencies on resolution of incidents.
• Support efforts on threat hunting, network, host, and malware analysis, sensor tuning and custom signature creation
• Support the application of cyber intelligence to improve security operations
• Perform investigation of network and hosts/endpoints for malicious activity, to include analysis of packet captures
• Assist in efforts to detect, confirm, contain, remediate, and recover from attacks
• Assist in the preparation of executive summaries and conduct briefings on significant investigations
• Ensure adequate metrics and documentation of team operations for leadership and other constituents
• Participate in other activities relating to security and privacy incident management
Knowledge, Skills and Abilities / Competencies
• Network investigation experience, to include netflow and packet/protocol capture and analysis
• Endpoint/host forensics experience
• SIEM experience
• Strong critical thinking, problem solving, and organization skills
• Strong teamwork and collaboration skills
• Good written and verbal communication skills
• Ability to pass a security clearance background investigation
• Sound cyber security knowledge foundation, to include understanding of
• Adversary TTPs
• Network technology and common protocols
• Network security
• Host security
• Malware
• Security tools and sensors
• Ability to work with little to no supervision
• Proven ability to multi-task and work under stress
• Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people
• Prefer GCIA, GCIH, CISM, or CEH
Leave a Reply