Your Impact:

Come be a part of an exciting and ever-changing program that provides a comprehensive range of state-of-the-art solutions and hands-on assistance in designing, implementing, managing, and sustaining operations across various network environments for our customer.

We provide an environment that fosters and supports innovation and valuing “outside-the-box” thinking to solve complex problems. There are several training opportunities for team members that want to learn new technologies and stay current with their technical skill set. We are a highly technical group and nurture growth, with a technical culture of cross-trained teammates with opportunities to develop additional skill-sets.

Responsibilities:

• Work with the customer to determine log management and SIEM needs and evaluate existing systems for improvements, gaps, and next generation architecture and design.

• Designs and deploys new systems and upgrades existing systems as needed to meet customer needs and protect systems from emerging threats.

• Identify gaps in malicious activity detection capabilities, create new signatures / rules to improve detection of malicious activity and test and tune existing signatures / rules to ensure low rate of false positives.

• Assist in playbook development for alert triage and Incident Response, define and implement alert and threat detection metrics, statistics, and analytics.

• Recommend new tools/technologies to improve network visibility, support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering, and author and maintain scripts for threat detection and automation.

• Have direct hands on experience with tools such as Logstash, Podman, Docker, Splunk, Corelight, Security Onion, Windows Operating System, and Red Hat Enterprise License.

• This position is a true “hands-on-keyboard” role in which you will be required to both independently, and as part of a broader team, install, configure, and maintain Splunk and other SOC related applications.

#divergent

Here’s what you’ll need :

• Experience deploying, maintaining, and configuring Splunk and other SIEM tools

• Experience and in-depth understanding of Security Event Management

• Experience designing infrastructure to meet customer requirements

• Strong working knowledge of both Windows and Linux systems, with scripting experience

• Experience administering and working within a virtualized environment

• Ability to articulate technical solutions to a wide range of difficult problems with various levels of stakeholders

• Experience working with ticketing systems (i.e. Jira, ServiceNow, etc)

• Experience working within classified enterprise networks

• Experience creating technical documentation to include diagrams, both logical and physical

Required IAT Certs:

• One or more of the following: CASP , CISA, CISSP, GCIH, CEH, GIAC, or GCIA

Required Vendor Cert:

• One or more of the following: Splunk, Microsoft, Cisco, Linux, or any other related vendor certification. If not currently achieved, then must achieve within 6 months of hire

Clearance Required:

• Active TS/SCI

Minimum Years of Experience:

• 4 years of experience working as an ISSE or within a SOC

Preferred:

• Python and/or Ansible Scripting experience

• Prior military experience

Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws and supplemental language.