The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring. Duties and responsibilities may include, but are not limited to:

• Monitoring various security tools (e.g., Splunk, Palo Alto Networks, SourceFire, Cisco ASA) to identify potential incidents, network intrusions, and malware events, etc. to ensure confidentiality, integrity, and availability of network architecture and information systems.
• Reviewing and analyzing log files to report any unusual or suspect activities
• Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating
• Generating trouble tickets and performing initial validation and triage to determine whether incidents are security events using open source intelligence (OSINT)
• Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
• Reporting incidents to US CERT and providing detailed information for use in after action reports
• Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy
• Providing technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect the VA network, and assessments for High Value Assets

• Bachelor’s degree or higher in Computer Science, Electronic Engineering or other engineering or technical discipline and at least ten (10) years IT experience. Eight (8) years of additional relevant experience may be substituted for education.
• Certification (or ability to obtain certification) in at least one of the following areas: 1) GIAC Certified Intrusion Analyst (GCIA), 2) GIAC Certified Incident Handler (GCIH), 2) Certified Ethical Hacker (CEH)
• Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks
• In-depth understanding of NIST SP 800-61, US CERT and Office of Management and Budget (OMB) standards
• Experience interpreting and implementing cyber security regulations
• Excellent verbal communication skills
• Outstanding written skills for preparing reports and briefings
• Excellent analytical and problem-solving skills
• U.S. Citizenship is required as is successfully passing a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
• Ability to obtain public trust clearance