Network Security Architect (CEH/GCIA/GCIH) with SIEM, Intrusion Detection/Prevention, vulnerability assessment, packet analysis, malware, Forensics, signatures and incident management experience

Job ID: NC-528899 (98090503)

Location: 3700 Wake Forest Road, Raleigh, NC (NCDIT)
Duration: 12 months

Skill                                                                                     Required / Desired   Amount of Experience
Enterprise level experience with SIEM technologies                                        Required             3 Years
Enterprise level Network Security/Architecture experience                                 Required             3 Years
Enterprise level Intrusion Detection/Prevention experience                                Required             3 Years
Experience preserving evidence integrity/forensics in enterprise environments             Required             3 Years
Proven experience recognizing and categorizing types of vulnerabilities and associated attacks in enterprise environments   Required   3 Years
Packet analysis experience                                                                Required             3 Years
Identify, capture, contain and report malware in enterprise environments                  Required             3 Years
Enterprise experience preserving evidence integrity/forensics                             Highly desired       3 Years
Enterprise experience developing and deploying signatures                                 Highly desired       3 Years
CEH, GCIH, GCIA or equivalent certification                                               Highly desired

This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring that State agencies comply with the Federal and State policies of the Department of Information Technology (DIT). The candidate will support the Enterprise Security and Risk Management Office (ESRMO) Incident Response team, monitoring networks and systems with the various security boundary tools and capabilities for anomalous activity, and triaging and remediating as appropriate.

Duties and Responsibilities:
•Support/assist ESRMO with real-time monitoring and triage of incidents received
•Work collectively with other team members on incident analysis and response, and coordinate with external agencies on the resolution of incidents
•Support efforts on threat hunting, network, host, and malware analysis, sensor tuning and custom signature creation
•Support the application of cyber intelligence to improve security operations
•Perform investigation of network and hosts/endpoints for malicious activity, to include analysis of packet captures
•Assist in efforts to detect, confirm, contain, remediate, and recover from attacks
•Assist in the preparation of executive summaries and conduct briefings on significant investigations
•Ensure adequate metrics and documentation of team operations for leadership and other constituents
•Participate in other activities relating to security and privacy incident management

Knowledge, Skills and Abilities / Competencies
•Network investigation experience, to include netflow and packet/protocol capture and analysis
•Endpoint/host forensics experience
•SIEM experience
•Strong critical thinking, problem solving, and organization skills
•Strong teamwork and collaboration skills
•Good written and verbal communication skills
•Ability to pass a security clearance background investigation
•Sound cyber security knowledge foundation, to include an understanding of:
    •Adversary TTPs
    •Network technology and common protocols
    •Network security
    •Host security
    •Malware
    •Security tools and sensors
•Ability to work with little to no supervision
•Proven ability to multi-task and work under stress
•Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people
•Prefer GCIA, GCIH, CISM, or CEH