SIEM Administrator

Clearance Level
Cyber Security
Alexandria, Virginia

REQ#: RQ90175

Travel Required: None
Public Trust: NACI (T1)
Requisition Type: Regular
General Dynamics Information Technology (GDIT), a leading provider of systems engineering, integration, IT service operations and support solutions, is seeking talented professionals to deliver valuable services and solutions to our customers. GDIT has a great team consisting of experienced and knowledgeable managers who lead and support the career development objectives of our employees. Our employees consider the company to be a solid partner in their career, with an abundance of opportunities for advancement.

GDIT is looking for a SIEM Administrator. The Administrator is responsible for the architecture, installation, administration, and development of the SIEM solution, including log aggregation, parsing, and alert monitoring. The expectation is to enhance the enterprise infrastructure through the SIEM by supporting application and server data, reporting, custom queries, dashboards, and security roles administration.

Responsibilities:
  • Install and manage automatic updates to QRadar SIEM assets
  • Configure QRadar backup and restore policies
  • Leverage QRadar administration tools to aggregate, review, and interpret metrics
  • Use network hierarchy objects to manage QRadar SIEM objects and groups
  • Manage QRadar hosts and licenses and deploy assets
  • Monitor the health of assets in a QRadar deployment
  • Configure system settings and asset profiles
  • Configure reasons that QRadar administrators use to close offenses
  • Create the credentials used to perform authenticated scans
  • Manage, route, and store event and flow data
  • Use domains in QRadar SIEM to act as a filter for events, flows, scanners, assets, rules, offenses, and retention policies
  • Manage custom properties for assets, events, and flows
  • Plan QRadar upgrade and migration.
  • Review documentation and release notes.
  • Perform migration (e.g., backup and restore, import and export content).
  • Create and administer users, user roles, and security profiles.
  • Create, review and modify rules, building blocks and reference sets.
  • Create and manage saved searches, index, global views, dashboards and reports.
  • Deploy and manage applications and content packages.
  • Configure global system notifications.
  • Use the asset database. 
  • Schedule and run a VA scan. 
  • Monitor QRadar Notifications and error messages.
  • Review and interpret system monitoring dashboards.
  • Monitor QRadar performance. 
  • Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview).
  • Monitor offenses and detect anomalies.
  • Explain error messages and notifications. 
  • Interpret the basic logs (e.g., qradar.error, qradar.log).
  • Use embedded troubleshooting tools and scripts.
  • Develop advanced SIEM correlation rules, reports and dashboards to detect emerging threats
  • Manage, develop and tune the scripts that integrate with the SIEM
  • Create technical documentation around the content deployed to the SIEM
  • Monitor the impact of deploying new content to the health and performance of the SIEM
  • Lead logging enrollments from multi-tier applications into the enterprise logging platforms
  • Develop specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
  • Develop advanced scripts for manipulation of multiple data repositories to support analyst requirements
  • Develop advanced reports to meet the requirements of key stakeholders
  • Develop scalable security management tools and processes
  • Develop automation for security tools management
  • Collaborate with key stakeholders within Cyber Security to develop specific use cases to address specific business needs
  • Collaborate with application owners to define and establish logging standards to address various governance requirements.
  • Safeguards information system assets by identifying and solving potential and actual security problems.
  • Recognizes problems by identifying abnormalities; reporting violations.
  • Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
  • Determines security violations and inefficiencies by conducting periodic audits.
  • Keeps users informed by preparing performance reports; communicating system status.
  • Maintains quality service by following organization standards.
  • Maintains technical knowledge by attending educational workshops; reviewing publications.
  • Contributes to team effort by accomplishing related results as needed.
  • 3+ years of experience with QRadar
  • Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
  • Experience with deploying and managing a large SIEM deployment
  • Excellent understanding of enterprise logging standards, with a focus on application logging
  • 5+ years of experience with QRadar, ArcSight and/or Splunk SIEM systems
  • Excellent understanding of regular expressions, development of custom/flex Parsers
  • Excellent Python and Unix Shell scripting skills
  • Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
  • 5+ years of network security and system security experience, supporting security event management tools (SIEMs)
  • Excellent understanding of Cyber Security Operations, Incident Response processes
  • Excellent understanding of web application architectures and web services
  • Excellent communication skills
  • Ability to drive multiple efforts with minimum supervision
  • Security Infrastructure management and support experience
  • System administration experience in a Windows and Unix environment
  • Experience in using scripting languages to automate tasks and manipulate data. Programming experience is a plus
  • Experience working in a large enterprise environment
  • Experience integrating solutions in a multi-vendor environment.
Basic Knowledge:
  • Operating Systems (RedHat, CentOS, other *Nix and Windows (Server and Workstation))
  • Networking (subnetting, IPFIX (flow), routing, etc.)
  • Basic Query Language
  • Regular Expressions (RegEx)
  • System architecture design
  • Security platforms (Firewalls, IPS/IDS, EDR, etc.)
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.