General Dynamics Information Technology (GDIT), a leading provider of systems engineering, integration, IT service operations and support solutions, is seeking talented professionals to deliver valuable services and solutions to our customers. GDIT has a great team of experienced and knowledgeable managers who lead and support the career development objectives of our employees. Our employees consider the company a solid partner in their career, with an abundance of opportunities for advancement.

GDIT is looking for a SIEM Administrator. The Administrator is responsible for the architecture, installation, administration, and development of the SIEM solution, including log aggregation, parsing, and alert monitoring. The expectation is to enhance the enterprise infrastructure through the SIEM by supporting application and server data, reporting, custom queries, dashboards, and security role administration.

Responsibilities:
Install and manage automatic updates to QRadar SIEM assets
Configure QRadar backup and restore policies
Leverage QRadar administration tools to aggregate, review, and interpret metrics
Use network hierarchy objects to manage QRadar SIEM objects and groups
Manage QRadar hosts and licenses and deploy assets
Monitor the health of assets in a QRadar deployment
Configure system settings and asset profiles
Configure reasons that QRadar administrators use to close offenses
Create the credentials used to perform authenticated scans
Manage, route, and store event and flow data
Use domains in QRadar SIEM to act as a filter for events, flows, scanners, assets, rules, offenses, and retention policies
Manage custom properties for assets, events, and flows
Plan QRadar upgrade and migration.
Review documentation and release notes.
Perform migration (e.g., backup and restore, import and export content).
Create and administer users, user roles, and security profiles.
Create, review and modify rules, building blocks and reference sets.
Create and manage saved searches, indexes, global views, dashboards and reports.
Deploy and manage applications and content packages.
Configure global system notifications.
Use the asset database.
Schedule and run a VA scan.
Monitor QRadar Notifications and error messages.
Review and interpret system monitoring dashboards.
Monitor QRadar performance.
Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview).
Monitor offenses and detect anomalies.
Explain error messages and notifications.
Interpret the basic logs (e.g., qradar.error, qradar.log).
Use embedded troubleshooting tools and scripts.
Develop advanced SIEM correlation rules, reports and dashboards to detect emerging threats
Manage, develop and tune the scripts that integrate with the SIEM
Create technical documentation around the content deployed to the SIEM
Monitor the impact of deploying new content to the health and performance of the SIEM
Lead the onboarding of logs from multi-tier applications into the enterprise logging platforms
Develop the content needed to implement security use cases, translating them into correlation queries, templates, reports, rules, alerts, dashboards, and workflows
Develop advanced scripts for manipulation of multiple data repositories to support analyst requirements
Develop advanced reports to meet the requirements of key stakeholders
Develop scalable security management tools and processes
Develop automation for security tools management
Collaborate with key stakeholders within Cyber Security to develop specific use cases to address specific business needs
Collaborate with application owners to define and establish logging standards to address various governance requirements.
Safeguard information system assets by identifying and solving potential and actual security problems
Recognize problems by identifying abnormalities and reporting violations
Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements
Determine security violations and inefficiencies by conducting periodic audits
Keep users informed by preparing performance reports and communicating system status
Maintain quality service by following organization standards
Maintain technical knowledge by attending educational workshops and reviewing publications
Contribute to team effort by accomplishing related results as needed
Qualifications:
3+ years of experience with QRadar
Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
Experience with deploying and managing a large SIEM deployment
Excellent understanding of enterprise logging standards, with a focus on application logging
5+ years of experience with QRadar, ArcSight and/or Splunk SIEM systems
Excellent understanding of regular expressions and development of custom/flex parsers
Excellent Python and Unix Shell scripting skills
Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
5+ years of network security and system security experience, supporting security event management tools (SIEMs)
Excellent understanding of Cyber Security Operations, Incident Response processes
Excellent understanding of web application architectures and web services
Excellent communication skills
Ability to drive multiple efforts with minimal supervision
Security Infrastructure management and support experience
System administration experience in a Windows and Unix environment
Experience in using scripting languages to automate tasks and manipulate data. Programming experience is a plus
Experience working in a large enterprise environment
Experience integrating solutions in a multi-vendor environment.
Operating systems: Red Hat, CentOS, other *nix, and Windows (Server and Workstation)
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.