Intermediate Top Secret Cleared Incident Management Specialist to improve the monitoring and incident handling procedures of several prototype cross domain

Our public sector client requires an Intermediate Top Secret Cleared Incident Management Specialist to improve the monitoring and incident handling procedures of several prototype cross domain solutions systems and products in the public sector.

Responsibilities:

• Conduct threat hunting activities on network and system resources, providing written reports on any threats found on the IT infrastructure.
• Develop signatures for intrusion detection tools.
• Configure hosts and network appliances to forward logs to log aggregators,
• Configure audit logging on Linux and Windows hosts and network appliances,
• Install and configure log aggregators with scripted data filtering,
• Install and configure full packet capture devices,
• Install and configure network intrusion detection systems,
• Develop Security Information and Event Management (SIEM) Dashboards,
• Develop Information Security Incident Handling (ISIH) procedures

Must Have:

• 5+ years experience as an Incident Management Specialist
• Experience providing network monitoring for classified systems
• Experience supporting Splunk Enterprise or the Elastic Stack

Nice to Have:

• Network Certification