Description

About the job
Position Description

Assist in maintaining the NCAOC Security Operations Center security posture.
Responsible on weekends and holidays for responding to Network Operations Center priority one circuit outages.
Responsible for creating, triaging, updating, and seeing to closure of Security Operations Incident, Request, and Enterprise Change Management tickets.
Monitors and maintains firewalls and corresponding management tools (FMC, ASDM), Intrusion Prevention Systems (IPS), Vulnerability Management (VM), Cisco Umbrella domain name security, ISE network access control, posturing, and profiling, IPsec VPN tunnels, AnyConnect remote users and security module, Third Party Partner Security Incident and Event Manager (SIEM), and other network and cloud security tools.
Use tools (Wireshark and interface captures, and log searching) to assist in troubleshooting network, device configuration, and network security related problems.
Responsible for firewall cleanup processes and tasks, and for learning firewall tools to assist in performing these processes and tasks.
Follow and maintain SOC process and technology documentation.
Open and work to close vendor TAC cases, mostly Cisco, to resolve incidents and device issues.
Provide reports and metrics for the SOC Supervisor or Operations and Administration Manager as requested.
Interface with all other TSD technical teams in initiatives and activities that require Security Operations Center resources.
Monitor and respond to Third Party Partner initiated security investigations.
Provide support of the established Incident Response Policy from beginning preparation and prevention through post-incident activity.
Subscribe to and monitor Security Product Advisories and Cybersecurity Organization Bulletins, researching and ensuring coverage of security device risks and Common Vulnerability Enumerations (CVE).
Update the PSIRT/CVE spreadsheet or other report tracking mechanism to report progress and coverage of Security Product Advisories and Cybersecurity Organization Bulletins.
Monitor and maintain the IPS signatures, block lists, URL reputation lists, and malware file lists to ensure the latest security recommendations are implemented.
Use monitoring and security diagnostic tools to hunt for network and device vulnerabilities, security risks, and potential threats.
Research trends to assist the Security Operations team in staying up to date on industry best practices and current cybersecurity trends, tools, techniques, and procedures.
Evaluate, plan, and implement upgrades and patches for network devices (switches, routers, management tools, etc.) and network security devices and tools (firewalls, IPS, ISE, etc.) on a monthly and as-needed schedule.
Coordinates with various TSD teams in the evaluation, planning, and implementation of patching, upgrading, and maintenance.
Update the patching spreadsheet to reflect historic and current versioning.
Uses software tools (Visio, Microsoft Office, etc.) to manage patching, upgrading, and maintenance of network and security devices.
Attend classes, seminars, webinars, conferences, and training sites, and research product documentation, to enhance professional development and to keep pace with network and cybersecurity trends and developments.
Use NCAOC provided resources to attain security professional certificates (e.g. Cisco CCNA Routing and Switching, CCNA Security, CCNP Security, CISSP).

Skills Required

Required experience of 3 years in the following:

Configuration and administration of Cisco ASA Firewalls - 3 years
Configuration and administration of Cisco FTD Firewalls - 3 years
Fundamental knowledge of IPsec, IPS/IDS Snort Engine, SIEM, Identity Services Engine (ISE), and Vulnerability Management - 3 years
Fundamentals in the areas of enterprise network topology, routers, switches, servers, NAT, DNS; TCP/IP architecture and functionality - 3 years
Works independently to accomplish short and long term project goals with clear and concise communication to members and management - 3 years

Education

Any Graduate