
[SJ-JOB] Information Assurance Analyst, Northern

Subject: [SJ-JOB] Information Assurance Analyst, Northern
Date: 20 Nov 2006 20:06:56 -0000
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Information Assurance Analyst
Location:       Northern, Virginia, United States
Type:           Permanent P/T

Closing Date:   2006-12-10

Dowless & Associates has immediate openings for IDS Analysts in the Northern VA 
area for a classified contract.  The duties of this task include analyzing 
Agency network Intrusion Detection Systems (IDS) data and other data sources 
for attack trends and potential security breaches; producing reports, reporting 
incidents; and coordinating with the IDS O&M team to maintain IDS on line. 
Specific tasks include but are not limited to the following:

•  Monitor the Agency’s intrusion detection systems from 6am until 
6pm, Monday through Friday.
•  Correlate data from intrusion detection systems with data from other 
sources such as firewall, web server, and net flow logs.
•  Notify C/CIRT of significant changes in the security threat against the 
Agency networks.
•  Provide on call support after business hours and on weekends. Typical 
volume of support is 2-3 calls per week with the majority of calls not 
requiring a site visit.
•  Coordinate with the IDS O&M team to ensure the IDS is operational
•  Provide requirements to O&M team for new utilities and or tools that 
may enhance the IDS.
•  Produce daily/weekly/monthly IDS Reporting as required.
•  Actively participate in or lead Technical Exchange Meetings (TEMs) and 
document results.
•  Give briefs, as needed, on the status of results of activities.
•  Coordinate with appropriate organizations regarding possible security 
incidents.
•  Monitor the data / logs from each sensor on all networks/systems 
monitored by IDS.
•  Verify IDS policies, events, and signatures as required recommending 
changes when / where necessary.
•  Monitor all networks daily for irregular network / system behavior, 
ensure IDS components are collecting data as expected.
•  Determine if IDS events should be escalated to incidents.
•  Conduct intra-office research to evaluate events as necessary, maintain 
the current list of coordination points of contact.
•  Review assembled data with firewall administrators, GCS engineering and 
system administrators.
•  Ensure IDS system irregularities are logged in the system logbook.
•  Review and evaluate network modifications and recommend IDS policy 
updates to the ERB.
•  Produce a daily report identifying significant IDS events to 
appropriate parties.
•  Establish procedures for handling each IDS alarm, and coordinate with 
the office review board process.
•  Maintain knowledge of the current security threat level by monitoring 
related internet posting, Intelligence reports, and other related documents as 
necessary.
•  Be able to add signatures and SNORT rules to compensate for the lack of 
monitoring in threat areas as warranted by threat changes.
•  Maintain listing of all anomalous or suspicious activity, their IP 
address, and location in the network.
•  Maintain a network diagram depicting the relevant security checkpoints 
in the network.
•  Develop / document event thresholds for various IDS signatures.
•  Conduct trend analysis as directed and required to maintain and produce 
the daily, weekly, monthly and custom analysis reporting, as directed by the 
Team lead or COTR.
•  Develop a document using Use Case UML processes that identify 
procedures for correlating IDS events.
•  Develop “Case Management” process for incident tracking and 
resolution to completion.
•  Identify misuse, malware, or unauthorized activity on monitored 
networks.
•  Research Network / System vulnerabilities by contacting the 
vulnerability Data Owner or Network Administrator as necessary. Document 
results for potential briefings to InfoSec Program Council (IPC) or the 
responsible ISSM or SSO.
•  Maintain efficiency by indoctrination through relevant training, 
conventions, conferences, and on-the-job training.
•  Evaluate, learn, operate, and integrate tools developed by Security 
Engineering Division into the procedures for evaluating, monitoring and 
reporting security relevant events as required.


JOB REQUIREMENTS
---------------------------------------------------
Mandatory Qualifications

•  Bachelor of Science (BS) or Bachelor of Arts (BA) Degree
•  Personnel shall have at least 1-5 years experience in a related field.
•  Experience in monitoring and analyzing IDS systems of this scope and 
size.
•  Illustrated experience in significant INFOSEC related work.
•  Ability to function in the role of a consultant.
•  Capable of conducting analytical studies and investigations, including 
quantitative data analysis.
•  Theoretical knowledge of and practical experience with various Internet 
protocols (e.g., DNS, SMTP, HTTP, SSL, SMB, etc.).

Desirable Qualifications

•  Industry standard certifications in related field, i.e. CISSP.



CONTACT
---------------------------------------------------
Please submit all resumes to careers@dowless.com

Dowless & Associates
Nikita Corbin
Corporate Recruiter
ncorbin@dowless.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs