Cyber Security Engineer

Freedom Technology Solutions Group is seeking a motivated, career and customer-oriented Cyber Subject Matter Expert, Scientist to perform on our Cybersecurity Data Analysis Services team in the Springfield, VA.  The Cyber Subject Matter Expert, Scientist shall manage the engineering, integration, and administration support required for successful delivery of capabilities and services to the operational baseline. 

Responsibilities include, but are not limited to: 

• Perform tasks and complete customer requests using the ServiceNow delivery platform.
• Resolve incident tickets issued through ServiceNow.
• On-board customer’s assets consisting of operating systems, applications and network devices in multiple enclaves. 

• Lead the exploration of emerging technologies by arranging demonstrations, providing technical evaluations, and input to the customer's roadmap development. 

• Assist the Program/Project engineers in testing and implementing future enhancements.
• Utilize, evaluate and update all engineer instruction sets and SOPs.
•  Ability to learn and perform the testing of sophisticated Audit SIEM platform applications in a physical and virtual environment. 

• Perform various Linux and Windows systems administration/engineering tasks related to the operational system.
• Verification and validation that the segments are operating as desired, audit events are being processed, and parsed properly, metrics generation, and ensuring that all required systematic audit events are being accomplished. 

• Operate and multitask in a dynamic high tempo environment.
• Perform the engineering, integration, and administration support required for successful delivery of capabilities and services to the operational baseline. 

• Perform work duties in a government environment as part of a multi-contractor team.
• Facilitate the enablement, collection, and verification of customer data within SIEM tools.
• Develop SIEM search queries to support Enterprise Audit service requirements.
• Ability to learn custom audit solutions with advanced parsing techniques
• Lead and coordinate Beta-testing future enhancements to the Audit Enterprise system and provide valuable feedback. 

 Basic Qualifications: 

• TS/SCI w/CI Poly
• Minimum Education: B.S. or relevant experience in related field.
• Minimum/General Experience: 7-10 years of related experience.
• Must possess the required DoD Directive 8570.1 IAT Level II or higher certification or ability to obtain within 6 months. 
• The ideal candidate will be able to work independently and in team environments and be able to take on tasks quickly with minimal direction while leading others. 

• Strong organizational, analytical, and troubleshooting skills with a high level of attention to detail are required to succeed in this diverse environment. 

• Should be able to demonstrate understanding and appropriate application of DoD policy and technical security guidance to information systems. 

• Expert level Linux systems administration/engineering, general operating system security practices, TCP/IP networking, and network security concepts is required. 

• Familiarity with the Certification & Accreditation process is preferable but not required.

Advanced Qualifications: 

• Ability to learn and comprehend from provided training in an individual contributor and team capacity. 

• Experience building out large scale environment automation with Ansible, or other similar tools. 
• Ability to provide architectural level recommendations to program management and government officials that can balance both frugality and efficiency. 
• Practical experience developing custom scripts utilizing bash, python, perl, etc…
• Ability to coordinate complex, out of the box solutions that can help fulfill the needs of key stakeholders. 
• Ability to ingest raw data, and parse out relevant fields to be utilized for detection and correlation. 
• Cribl experience and/or certifications.
• Splunk Architect or Core Consultant Certification
• Experience with Security Information and Event Management (SIEM) platforms, preferable Splunk. 

•  Cloud environment experience with SQS, SNS, Lambda, CloudFormation, Direct Connection, AWS load balancing, VPV Peering, and/or relevant certifications.
• Experience with Linux, Windows Server and workstations, Red Hat and CentOS.
• Ability to modify feed creation to ingest customer logs in a standard format to meet policy requirements. 

• Familiarization with ICS 500-27 for Audit collection requirements
• Familiarization with other Enterprise security services Host Base Security Service, and Enterprise

Vulnerability Scanning Service, and UAM 

• Ability to clearly articulate ideas for executive – level as well as technical staff consumption