Network Security Analyst Jobs

We are looking for 4 Network analysts with specializing in any one of the below skills.

Responsibilities:

1.Custom Managed Scanning Services

• Advise client IT Operations and applicable service providers on methods to reduce vulnerabilities and misconfigurations.
• Identify software installed on scanned systems with known vulnerabilities
• Coordination with the team members building configuration baselines
• Perform targeted scanning to identify specific vulnerabilities within the client's environment
• Our client has an existing Tenable scanning solution that requires fulltime staff to support operation and management. Staff Augmentation provider will provide a minimum of two (2) Tier 3 engineers to support the following functions:
• Perform both credentialed and un-credentialed scans in accordance with agency security policies and standards
• Identify rouge devices after each scan and notify client's IT Operations and applicable service providers a minimum of monthly – rogue devices are those devices that are scanned but not identified as legitimate assets in the client's environment
• Scans are configured to scan all devices in the client's environment
• Notify client IT Operations and applicable service providers of any identified vulnerabilities and misconfigurations in a method determined by client's
• Advise client IT Operations and applicable service providers on methods to refine client's patching process to ensure that results of the scans are communicated to the appropriate operational teams responsible for ensuring vulnerabilities and misconfigurations and ensure they are mitigated or remediated in accordance with agency policy.
• Ensuring the solution is configured to client's requirements
• Administration of the Tenable application including coordinating with operational team for patching.

2.Custom Managed Endpoint Protection

• Management and administration of EDR tool (currently Microsoft Defender for Endpoint and CISCO Secure Endpoint)
• Vendor Updates to tools
• Reporting
• Client has two (2) endpoint protection solutions that require fulltime staff to support operation and management. Staff Augmentation provider will provide a minimum of one (1) Tier 3 engineer to support the following functions:

3.Managed CISCO Secure Network Analytics Service

• Patch and update installation – Ensure that the Secure Network Analytics system is up-to-date with the current software release (Version N) or current stable release (Version N-1)
• Move/Add/Change/Delete (MACD) – Perform changes to the configuration of the Secure Network Analytics management system, as directed by client's.
• Analytics Service supports the creation and monitoring of alerts, policies, and host groups. Additionally, the Managed Secure Network Analytics Service performs for client's four critical activities:
• Performance and Health Monitoring – Ensuring that the monitored device is operating as expected (e.g., up/down status), system resource utilization (e.g., CPU, MEMORY) and environmental indicators (e.g., temperature, power) as available through the specific endpoint management tool.
• Alert/Notifications – Providing alerts or notifications to the designated client's point of contact or group of any variance from the specified norms for performance or system health and security related alerts/notifications as defined by client's’s security policy.
• The Managed Secure Network Analytics Service is a security service utilizing client's-provided hardware enabling network visibility monitoring and alerting. Once network traffic reaches key network devices such as firewalls, routers, switches or specific devices designed to split network traffic such as a SPAN or TAP ports netflows can be generated and sent to Secure Network Analytics. This enables client's to have better visibility of North-South traffic as well as East-West traffic. Client can define its own security policies and tailor the Secure Network Analytics alerts to match expected or unexpected network traffic. The Managed Secure Network

4.Security Information and Event Management (SIEM) administration

• Staff Augmentation provider will Provide a minimum of two (2) dedicated SIEM engineers to manage Azure Sentinel SIEM solution.
• Updates to correlations, alerting rules, customization of dashboards, views, and reports
• Client currently utilizes the Microsoft Sentinel SIEM solution. SIEM aggregates the event data that is produced by monitoring, assessment, detection, and response solutions deployed across application, network, endpoint and cloud environments. Capabilities include threat detection, through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation, and response (SOAR).
• Provide content management