Monitoring - SME

tmctechnologies
Beltsville, MD Full Time
POSTED ON 3/6/2024 CLOSED ON 4/21/2024

What are the responsibilities and job description for the Monitoring - SME position at tmctechnologies?

- Job Title: Monitoring - SME
- Location: Beltsville, MD 20708 US; Rosslyn, VA 22209 US (Primary)
- Category: Information Technology
- Job Type: Full-time
- Career Level: Experienced (Non-Manager)
- Education: High School / GED
- Travel: None
- Security Clearance Required: Secret

Job Description

TMC Technologies is in search of a Monitoring - SME to support a federal client in Rosslyn, VA. The candidate must be a US Citizen with an active Secret clearance and the ability to obtain Top Secret due to federal contract requirements. The Monitoring SME role will be located in Beltsville, MD and Rosslyn, VA. This role supports the Cyber Incident Response Team (CIRT) as a key member of the Incident Response Tiger Team. The customer requires every employee to be onsite for the first 90 days. After the 90-day period, a hybrid schedule may be offered. The selected candidate must be able to support a hybrid and flexible schedule; in the event of a significant cyber incident, a continuous onsite presence will be required. The Monitoring - SME, in support of the CIRT mission, will:

- Provide Subject Matter Expert (SME) level Cloud Monitoring support in a 24x7x365 environment.
- Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
- Protect against and prevent potential cyber security threats and vulnerabilities.
- Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations and related operational events.
- Develop and implement training programs for monitoring analysts.
- Conduct detailed research to increase awareness and readiness levels of the security operations center.
- Conduct advanced analysis and recommend remediation steps.
- Analyze network events to determine impact.
- Conduct all-source research to determine threat capability and intent.
- Develop and maintain analytical procedures to meet changing requirements.
- Coordinate during significant cyber incidents.
- Develop content for cyber defense tools.
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- Determine tactics, techniques, and procedures for intrusion sets.
- Work with stakeholders to resolve computer security incidents and vulnerability compliance.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support incident response.
- Publish after-action reports, cyber defense techniques, guidance, and incident reports.
- Review, draft, edit, update and publish cyber incident response plans.   

Job Requirements

- Bachelor's Degree and a minimum of 14 years' experience or a Master's Degree and a minimum of 12 years' experience is required. An additional 4 years of experience may be substituted in lieu of a degree.
- Ability to obtain Top Secret security clearance is required; candidates can join with a Secret clearance.

- Must have one of the following certifications:
  - CASP CE
  - CCNP Security
  - CISA
  - CISSP (or Associate)
  - CISSP-ISSAP
  - CISSP-ISSEP
  - GCED
  - GCIH

- Experience with cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
- Expertise in traditional computing technologies architecture, design and security.
- Expertise in planning, implementation and usage of log aggregation and security analysis tools.
- Demonstrated knowledge utilizing native security and logging tools and centralized log aggregation utilizing a variety of methods.
- Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
- Ability to identify remediation steps for cybersecurity events.
- Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
- Strong organizational skills.
- Proven ability to operate in a time sensitive environment. 
- Proven ability to communicate orally and in writing.
- Proven ability to brief (technical/informational) senior leadership.
- Ability to scope and perform impact analysis on incidents.
 
Preferred Qualifications:

- Knowledge of network architecture, design and security.
- Ability to analyze static and dynamic malware analysis reports.
- Ability to analyze and identify anomalous code as malicious or benign.
- Skill in detecting host- and network-based intrusions via intrusion detection technologies.
- Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of packet-level analysis using appropriate tools.
- Knowledge of the intersection of on-prem and cloud-based technologies.
- Knowledge of system design and process methodologies.
- Experience in developing and delivering comprehensive training programs.
- Experience collaborating with cross-functional teams.
- Experience working in the intra-agency environment.
- Ability to communicate technical concepts to executive-level leadership.

We are equal opportunity/affirmative action employers, committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status, or any other protected characteristic under state or local law.
This job has expired.