Job ID: 9203
Company: DC Government
Location: WASHINGTON, DC
Type: Contract
Duration: long term
Salary: open
Status: Active
Openings: 1
Posted: 10 Aug 2016
Job Seekers, Please send resumes to resumes@hireitpeople.com
Required Skills - SIEM Security Engineer, Malware, breach methodology.
INTERVIEW: Must do a face-to-face interview.
Duration: Long term. At least 6 to 12 months+

Complete Description:

The role of this function requires experience with SIEM administration and with other log management technologies.

The SIEM Developer shall be responsible for the following, but not limited to:

• Implement, support and test information security technologies.

• Develop, implement and maintain information security policies and procedures.

• Anticipate and identify threats and vulnerabilities through monitoring, analysis, planning, and engineering.

• Provide subject matter expertise on enterprise cyber security risks, threats, technologies, and potential impact.

• Assist customers in the response to security incidents, conduct investigations on behalf of the DC IT Security team.

• Work with Agency departments and 3rd parties to design and implement remediation and recovery plans.

• Develop custom scripts and tools to solve specific problems related to investigations.

• Research new techniques and artifacts and present findings in daily reports, white papers, conference presentations, and other media.

• Perform as subject matter expert on the INTEL SIEM Security Suite.

• Perform all administration, management, configuration, testing, and integration tasks related to the Client INTEL SIEM system, focusing primarily on content development, reporting, and metrics.

• Deliver customization to the Client INTEL ESM platform to facilitate operations.

• Create rules, filters, active channels, queries, trends and all other informational content based on use cases.

• Develop, implement, maintain and execute standard content development practices for the Client INTEL SIEM system infrastructure.

• Work with business unit SMEs on use cases and to create correlation rules and content that is relevant to that business unit.

• Communicate and collaborate with security operations center analysts to optimize Client INTEL SIEM performance to better meet the needs of operations.

• Tune correlation rules and event data quality to maximize INTEL SIEM system efficiency.

• Provide support recommendations and optimization for the INTEL SIEM platform, as well as SIEM expertise and input related to protecting the company's cyber-related assets.

• As part of a team, provide secondary operational support of a tiered INTEL SIEM to include: INTEL ESM, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers, and a variety of network and security related devices.

• Perform secondary support for upgrades and apply patches and/or bug fixes to INTEL ESM.

• Use INTEL ESM and Remedy in the daily operational work and workflow.

• Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business unit stakeholder SMEs.

Behavioral Characteristics:

Working in a collaborative team environment, the Incident Response and Forensic Consultant will work with stakeholders to identify, investigate and remediate anomalies within a secure network infrastructure and support best practices.

Skill | Required / Desired | Amount of Experience | Expertise Rating
----- | ------------------ | -------------------- | ----------------
BS degree in Computer Science, Engineering, related technical degree or equivalent experience preferred | Highly desired | 4 Years | 2 - Proficient
Certifications from ISC2, GIAC, CompTIA, or EC-Council | Required | 5 Years | 2 - Proficient
Expert knowledge of incident handling procedures | Highly desired | 8 Years | 3 - Expert
Understanding malware and breach methodology | Required | 10 Years | 3 - Expert
Experience with behavioral and static malware analysis | Highly desired | 8 Years | 3 - Expert
Network log and packet capture analysis | Highly desired | 8 Years | 3 - Expert
Understanding of networking protocols and secure network design | Desired | 8 Years | 2 - Proficient
Experience in CSIRT and SOC environments | Highly desired | 10 Years | 2 - Proficient
Overall IT experience | Required | 10 Years | 
SIEM Administration | Highly desired | 5 Years | 3 - Expert