Cybersecurity Monitoring Engineer

Overview

Hybrid
$140,000 - $160,000
Full Time

Skills

Continuous Monitoring
Elasticsearch
Dragon NaturallySpeaking
Top Secret clearance

Job Details

Terms of Employment
Permanent, Direct Hire
This is a hybrid position. The selected candidate must be comfortable working onsite in Suitland, MD three (3) days per week.

Overview & Responsibilities
Our client is seeking a SOC Engineer to assist in the development and implementation of proprietary and innovative security solutions. Responsibilities Include:
Assess, manage and ensure compliance with risk-reducing behaviors and processes.
Facilitate workshops and direct stakeholder engagements to assess and develop current and future Cybersecurity program priorities, supporting activities, and roadmap.
Continuously monitor cloud security systems using knowledge of AWS, vulnerability management, and DoD Risk Management Framework requirements across three enclaves (NIPR, SIPR, JWICS)
Collaborate with infrastructure and platform teams on the cloud platform's security development
Investigate security alerts with cross-team collaboration, OSINT, and DoD threat intelligence when necessary
Implement and enhance the Continuous Monitoring Plan and processes to minimize false positives, false negatives, and increase overall efficiency
Identify, characterize and provide solutions for information system threats
Perform digital forensics and attack attribution, protection of critical networks, active systems warnings and indicators, detect active penetration into target systems, knowledge discovery of passive and active systems, and other computer network support operations.

Required Qualifications
Possess active Top Secret/Sensitive Compartmented Information (TS/SCI) and satisfaction of 8570 IAM III requirements (must possess CISM, CISSP, GSLC, or CCISO certification)
1+ years experience with Elastic Stack (Elasticsearch, Logstash, Kibana) for continuous monitoring, analysis, and visualization of data points
4+ years experience in Information Assurance and Cybersecurity-related fields with an emphasis on hands-on roles
2+ years experience contributing to and operating within complex enterprise Cybersecurity programs, ideally at a classified level within the DoD
2+ years experience performing Continuous Monitoring, as well as conducting security evaluations and assessments
2+ years experience supporting Cybersecurity functions within the cloud, AWS preferred
Familiar with Security Operations Centers, common roles and responsibilities to convey industry needs and objectives
Familiar with common network protocols and cryptographic concepts often seen in cloud network traffic (TCP/IP, DNS, SSH, HTTP/S, ICMP, SSL/TLS, etc.)
Basic knowledge of common malware and threat actor Tactics, Techniques, and Procedures (TTP)
Strong communications skills in reporting and explaining security concepts and events
Ability to self-direct and take initiative in taking on new tasks or efforts, as well as researching concepts and application information when necessary

Preferred Qualifications
Experience with evaluating endpoint security configurations and Security Technical Implementation Guide (STIGs) checklists
Basic knowledge of Linux distributions and the Windows operating system as well as Bash, MS-DOS, and PowerShell commands
Experience with analyzing packet capture (PCAP) files with tools such as tcpdump, Wireshark, TShark, etc.
Familiarity with high level network traffic analysis using tools such as Zeek and NetFlow Traffic Analyzer
