Sev1Tech is looking for a Vulnerability Analyst/PenTester Lead to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region; in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S. and occasionally OCONUS.
Responsibilities include but are not limited to:
- Conduct Vulnerability Assessment scans for Headquarters and Subscriber systems and networks to identify potential computer security vulnerabilities, risks, and threats
- Operate and maintain assessments and the resulting Vulnerability Assessment data and reports
- Support the NOSC enclave, HSEN, and Redundant TICs through the conduct of scheduled and ad-hoc vulnerability assessment scanning.
- Scanning shall include:
  - Host-based vulnerability assessments
  - Network vulnerability assessments
  - Database vulnerability assessments
  - Web-based vulnerability assessments
  - Cloud-based vulnerability assessments
- Employ ad-hoc or emergency vulnerability scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented procedures
- Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities
- Conduct High Value Asset assessments and penetration tests and conduct or assist with penetration tests as requested by Components, System Owners, Information System Security Managers, or Information System Security Officers in support of Security Controls Assessments, continuous monitoring, and FISMA requirements
- Provide penetration testing summary reports, in accordance with the signed Rules of Engagement (ROE) document, to the appropriate System Owner/ISSM/ISSO, Government lead, and DHS Program Manager, and document the findings
- Prepare and submit security testing Rules of Engagement (ROE) for High Value Assets (HVA) and Internal & External Threat Assessments prior to conducting penetration testing, and ensure that the ROE provides the operational security controls to protect both the system and the network
Sev1Tech is seeking a Senior Knowledge Management Specialist to provide knowledge management and process improvement expertise. The successful candidate will be responsible for coordinating the knowledge management program, including developing and implementing knowledge management processes and procedures, and providing guidance and training to personnel.
Responsibilities include but are not limited to:
- Spearhead an assessment of existing customer Knowledge Management practices and the as-is environment
- Knowledge Organization and Classification: Define and implement knowledge taxonomy/ontology and meta-data tagging systems to organize and categorize knowledge assets
- Ensure consistency and accuracy in knowledge classification
- Analyze knowledge management solutions and aid in the selection of the best software solution
- Implement efficient search and retrieval mechanisms to access knowledge
- Lead discovery of current knowledge artifacts, systems, and architecture
- Develop and implement knowledge-sharing platforms, communities of practice, and training programs
- Knowledge Strategy Development: Develop a comprehensive knowledge management strategy aligned with the organization's goals and objectives
- Knowledge Capture and Creation: Work with subject matter experts to identify, capture, and document tacit and explicit knowledge
- Facilitate knowledge creation through workshops, interviews, and collaboration platforms
- Knowledge Storage and Retrieval: Establish and maintain a centralized repository for knowledge assets, including documents, databases, and multimedia content
- Knowledge Dissemination and Sharing: Promote a culture of knowledge sharing and collaboration within the organization
- Knowledge Performance Metrics: Define Key Performance Indicators (KPIs) and generate reports to measure the effectiveness of knowledge management initiatives
Sev1Tech is seeking a Tier 3 level Field Engineering Technician who will be regionally located throughout the Continental United States (CONUS) to provide IT support requiring hands-on intervention at DHS facilities and sites lacking local IT support.
Responsibilities include but are not limited to:
- Deploy to Department of Homeland Security (DHS) facilities requiring IT technical support services
- Determine the nature of a service outage at a location and initiate response activity to restore service
- Assess whether an outage is the result of a commercial circuit failure or if it is due to some internal failure at a facility
- Identify failed network or system components and either restore the failed components to an operational status or replace the components as required
- Coordinate troubleshooting with other Tier 3 engineers as needed
- Coordinate with product vendors as needed, communicating issues needing priority vendor attention and support
- Escalate issues to program leadership as needed
- In performing the above responsibilities, coordinate closely with the customer, team leads, contract managers, and vendors as necessary
Sev1Tech is seeking a Tier 2 level Field Engineering Technician who will be regionally located throughout the Continental United States (CONUS) to provide IT support requiring hands-on intervention at DHS facilities and sites lacking local IT support.
Responsibilities include but are not limited to:
- Deploy to Department of Homeland Security (DHS) facilities requiring IT technical support services
- Determine the nature of a service outage at a location and initiate response activity to restore service
- Assess whether an outage is the result of a commercial circuit failure or if it is due to some internal failure at a facility
- Identify failed network or system components and either restore the failed components to an operational status or replace the components as required
- Escalate issues requiring additional, higher-level field engineering support (Tier 3)
- In performing the above responsibilities, coordinate closely with the customer, team leads, contract managers, and vendors as necessary
- Collaborate with customer/company and colleagues, and other resources to gain a better understanding of the issue(s) to be resolved
- Effectively manage time to respond to service calls in a timely fashion
- Complete intermediate installations and perform system test procedures
- Troubleshoot and resolve issues that cannot be solved remotely
- Perform smaller scale moves, adds, or changes of clients' equipment as needed
- Prepare for on-site installations by reviewing site requirements
- Obtain software and review relevant documentation prior to visiting customer sites
- Stage the installation and upgrades in a lab environment prior to the site visit when necessary
- Perform implementation of software and hardware solutions; integrating with the customer's network and equipment
- Troubleshoot and resolve technical issues as they occur
- Provide basic system administration training to technical users
Sev1Tech is looking for the right candidate to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The program will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region; in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S. and occasionally OCONUS.
Sev1Tech seeks a Lead Content Developer/Cyber Threat Detection Developer who will use Splunk Enterprise Services or other SIEM tools to proactively research and then apply custom detection capabilities from disparate data sources such as cyber threat intelligence, vulnerability data, campaign data, and indicators of compromise. These threat detection data types will be used to develop custom security, engineering, and/or other applicable dashboards; validate existing and/or create new correlation rules and alerts; and validate the index sources of the SIEM to ensure thorough defense-in-depth for the enterprise.
Responsibilities include but are not limited to:
- Analyze data feeds and event logs
- Correlate the results with known threats, vulnerabilities, and incidents
- Create new security content and updates to Enterprise NOSC dashboards
- Develop, disseminate, and implement new security content such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Data Loss Prevention (DLP) correlation rules and cyber threat indicators
- Participate in briefings to provide expert guidance on new threats, and act as an escalation point for cyber analysts and engineering leads
- Author reports and/or interface with customers for ad-hoc requests
- Participate in discussions to make recommendations on improving NOSC cyber visibility, process improvements, and reducing the incident remediation period
- Investigate and analyze all logs available within the SIEM, document workflows, and identify process improvements in the handling and remediation of cyber security events
- Leverage a deep understanding of how to develop custom content within the Splunk SIEM using advanced SPL (Search Processing Language) and data models, or other network security tools, to detect threats and attacks
- Capture use cases from subscribers or other team members to develop custom correlation rule(s), validate and/or create new dashboard(s), and validate all index sources for applicability within the Splunk environment
- Utilize knowledge of the latest cyber threats and attack vectors to develop and/or maintain custom Splunk correlation rules from all indexed sources to support continuous event monitoring and alerting
- Develop, manage, and maintain Splunk data models
- Review all existing network event sources to determine if relevant data is present, and make technical recommendations to remediate any missing log components
- Review and/or suggest new log and event index types as new devices are brought into the enterprise network
- Develop custom regex to create custom knowledge objects
- Develop custom SPL using macros, lookups, etc., and network security signatures such as Snort, YARA, and Zeek
- Develop custom dashboards and reports for customer stakeholders
- Train and mentor junior staff
Sev1Tech is looking for a Forensics/Malware Analyst SME to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region; in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S. and occasionally OCONUS.
We're looking for a Forensics/Malware Analyst SME to conduct malware investigations and operations. Candidates will apply their technical and professional skill-sets to examine malware from various sources and perform appropriate analysis to improve cyber incident responses.
Responsibilities include but are not limited to:
- Conduct malware investigations and operations
- Examine submitted malware from cyber incident reporting and other sources
- Perform forensic analysis of digital information and gather methods, indicators of compromise (IOC), evidence of Advanced Persistent Threat (APT) actors, trends, and mitigations
- Leverage scanning tools (e.g., VirusTotal) to scan suspicious files, perform queries, pivot on indicators, and analyze malware characteristics (Message-Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA-1), file size, file name, file paths, etc.)
- Use forensically sound procedures to identify network computer intrusion evidence and identify perpetrators
- Contribute to cyber incident responses and other DoD Defense Industrial Base Collaborative Information Sharing Environment (DCISE) products
- Contribute to the general knowledge base of intelligence used to develop or enhance tools
- Provide guidance and direction to junior analysts
Sev1Tech is looking for a Cyber Threat Hunter to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region; in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S. and occasionally OCONUS.
The Department of Homeland Security (DHS) Network Operations Security Center (NOSC) Cyber is a US Government program responsible for preventing, identifying, containing, and eradicating cyber threats to DHS networks through monitoring, intrusion detection, and protective security services for DHS information systems, including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers, and workstations. The NOSC Cyber is responsible for the overall security of DHS Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.
Sev1Tech seeks a Cyber Threat Hunter to join our NOSC Cyber Team. The ideal Cyber Threat Hunter is someone who is process driven, curious, and enjoys identifying patterns and anomalies in data that are not immediately obvious.
Responsibilities include but are not limited to:
- Manage all aspects of the Cyber Threat Hunt lifecycle, including creating and improving enterprise-specific Threat Models and threat hypotheses; planning and scoping Threat Hunt campaigns, missions, and activities against a variety of threat types; and identifying enterprise defense gaps and proposing potential mitigation activities
- Perform Cyber Threat Hunt missions by identifying and investigating patterns and anomalies in data and suspicious network activities, including access from Outside the Continental United States (OCONUS) or use of non-standard credentials, anomalous or suspicious telemetry, and other Cyber Threat Intelligence
- Proactively search networks to detect and isolate advanced cybersecurity threats that evade in-place security solutions
- Regularly perform advanced analysis and adversary hunting activities to proactively uncover evidence of adversary presence on DHS networks
- Follow incident response procedures for detected insider threat activity
- Create Threat Models to better understand the DHS IT Enterprise, identify defensive gaps, and prioritize mitigations
- Author, update, and maintain SOPs, playbooks, and work instructions
- Utilize Threat Intelligence and Threat Models to create threat hypotheses
- Plan and scope Threat Hunt Missions to verify threat hypotheses
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze host, network, and application logs in addition to malware and code
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Create, recommend, and assist with development of new security content resulting from hunt missions, including signatures, alerts, workflows, and automation
- Coordinate with different teams to improve threat detection and response and the overall security posture of the Enterprise
Sev1Tech is looking for a Network Operations and Security Center (NOSC) Tier 2 Specialist to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The program will encompass a wide range of tasks including but not limited to: Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; Field Engineering technical support; and Cloud operations.
Responsibilities include but are not limited to:
- Monitor network, security, system, and cloud environments for events and perform triage analysis to identify or prevent incidents; perform network, security, system, and cloud incident response as needed
- Respond to incidents by collecting, analyzing, and preserving digital evidence, and ensure that incidents are recorded and tracked in accordance with NOSC requirements
- Work closely with other teams to assess, and provide recommendations for reducing, operational risks
- Maintain records of monitoring and incident response activities, utilizing case management and ticketing technologies
- Perform monitoring and analysis using Splunk analytics tools
- Monitor dashboards for malicious events, phishing events, spoofing events, DDoS attacks, SQL injection events, network connectivity events, system/device performance events, and other potentially high-risk incidents
- Recognize intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
- Recommend changes to SOPs and related documentation
- Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty
- Log all incident details and prioritization codes
- Provide Tier 2 support, including WAN and LAN connectivity, routers, firewalls, and security
- Support remote access platforms such as VPN, Terminal Services
- Assign unresolved incidents to higher Tier support or Internet service providers and product vendors to coordinate restoration of service and obtain the necessary information for recording/tracking the outage or degradation of service
- Keep component NOCs and SOCs informed of their incident's status at agreed intervals and continuously update incidents as needed
- Notify Government Leads and other stakeholders of high impact/priority failures using the appropriate escalation procedures
Sev1Tech is seeking a talented Splunk Engineer/Operator to join our team to support a new customer on a highly visible contract. The Splunk Engineer/Operator will be a member of the Network Operations and Security Center (NOSC) team, which uses Splunk for content development and analysis, and will be expected to manage multiple assignments, adapt to changing priorities, and work independently with little oversight.
Responsibilities include but are not limited to:
- Build, implement, and administer Splunk in Windows and Linux environments
- Work with existing and custom Splunk applications and add-ons to fulfill customer needs
- Provide operations and maintenance support for a distributed Splunk environment consisting of heavy forwarders, indexers, and search head servers, spanning security, performance, and operational roles
- Edit and maintain Splunk configuration files and apps
- Onboard data to Splunk via forwarder, scripted inputs, TCP/UDP, and modular inputs from a variety of sources
- Provide operational support for Splunk Universal Forwarder on Linux and Windows endpoints
- Manage and support automation solutions for Splunk deployment and orchestration in on-premise and cloud environments
- Documentation, reporting, presentation, teamwork, and DHS-wide collaboration are among the expected duties and mission of the task order
Sev1Tech has a need for a Security Orchestration, Automation and Response (SOAR) Engineer working in a cross-functional capacity to identify, propose, design, develop, implement, integrate, and maintain security capabilities. The SOAR Engineer must be a cybersecurity and technical expert with the ability to clearly identify, capture, articulate, design, implement, and maintain security operations use cases, including developing integration code to provide interoperability between disparate IT and security solutions and infrastructure components. The SOAR Engineer must have a solid background in cybersecurity technologies, including deploying enterprise platforms, conducting demonstrations, creating product documentation, training security analysts, and sustaining enterprise technology services. Additionally, the engineer must have a solid understanding of security operations, incident response, threat management, and enterprise IT and security engineering.
The SOAR Engineer provides expert support for the analysis, development and integration of the Swimlane SOAR Platform, along with providing technical expertise to operational users. The engineer works on complex technical problems, provides innovative solutions, develops advanced technological ideas, and guides their development into a final product.
Responsibilities include but are not limited to:
- Design, implement, and maintain Swimlane infrastructure; develop and maintain custom Swimlane applications
- Develop and maintain Swimlane Case Management system to support an Enterprise ticketing system
- Serve as primary point of contact for Swimlane problem identification and resolution
- Create and maintain user, administrator, engineering, and compliance/accreditation documentation
- Manage and implement integration between components and security tools (e.g. send/receive data from component Swimlane instances, establish API connections with the network security stack, etc.)
- Work with external teams to establish service accounts and/or API access
- Quickly grasp complex technical concepts and make them easily understandable in writing and network diagrams/illustrations
- Ensure SOAR capabilities are operational and developed to anticipate infrastructure growth
Sev1Tech is looking for an Engineering and Integration Manager to lead a pool of technical resources who support the development and deployment of a centralized Cloud Management Platform as well as Platform as a Service solutions; assist development teams with application migrations and other special projects involving applications, data, and the introduction of new XaaS; implement Shared Services; and integrate SAS capabilities. The Engineering and Integration Manager reports to the BPA Task Order Program Manager.
Responsibilities include but are not limited to:
- Assess resource requirements for engineering and integration
- Determine best resource mix for specific projects
- Assign engineering and integration resources to Technical Delivery Managers
- Establish and ensure adherence to engineering processes for building and deploying cloud solutions and services
- Balance and manage the priorities of a diverse team of engineering resources, in coordination with the leadership team
- Ensure that E&I staff maintain required technical skill-sets through training and certifications
- Respond to ad hoc requests from program leadership and customers as needed
- Oversee technology evaluations and pilot projects