DirectViz Solutions, LLC
  • Pyeongtaek, KOR
  • Salary
  • Full Time

DirectViz Solutions, LLC is a high-level, strategic consulting services firm that meets mission needs for government clients. We seek Security Information and Event Management (SIEM) Defensive Cyber Operations (DCO) Support Personnel. The work location will be at J6, Camp Humphreys, Korea. This position requires possession of a US TS/SCI clearance, maintaining the baseline certification designated for the position IAW DoD 8570.01-M, the special-position Cyber Security Service Provider (CSSP) certification, and applicable Computing Environment (CE) training/certification within 6 months.

The Defensive Cyber Operations (DCO) Analyst works in coordination with the Incident Response Management Program on government-provided security tool(s). The scope of this effort includes managing the prevention, detection, forensic analysis, and reporting through resolution of all security incidents, including reporting on network compliance and providing dashboard views for executives and the operations center.

  • Receive and analyze network alerts from various sources within the networked environment/enclave and determine possible causes of alerts.
  • Coordinate with other cyber security staff to validate network alerts to determine validity for further mitigation, as applicable.
  • Perform analysis of log files from a variety of sources within the networked environment/enclave, including individual host logs, network traffic logs, firewall logs and intrusion detection/prevention logs.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Monitor external data sources (e.g. vendor sites, Computer Emergency Response Teams, SANS) to maintain currency of threat condition and determine which security issues may have an impact on the networked environment/enclave.
  • Construct, or assist in constructing, signatures and configurations for network security tools in response to new or observed threats, maintaining continuous updates and monitoring for threats within the networked environment/enclave.
  • Perform event correlation using information gathered from a variety of sources within the networked environment/enclave to gain situational awareness and determine the effectiveness of an observed attack.
  • Notify managers, incident responders and other CSSP team members of suspected incidents, and articulate the event's history, status and potential impact for further action through mitigation.
  • Configure, edit and manage changes to the networked SIEM and associated sensors and software, design and modify all aspects of the employment of the SIEM for improved security following Change Management policy and guidance.
  • Perform system administration and operations and maintenance on the SIEM, and support integration of other specialized security tools as required, including installation, configuration, maintenance, redundancy and backup/restore, as applicable.
  • Support Risk Management Framework (RMF) Assessment and Authorization (A&A) requirements for authorizing system employment and change management related to the SIEM.
  • Manage and administer updates to rules, signatures, blacklists and whitelists in coordination with other CSSP support, covering testing, optimization and modification for security improvement and continuous monitoring.
  • Provide support for malware prevention, protection, detection on endpoints, enclave boundaries, demilitarized zone (DMZ) and all areas of coverage identified by the approved security architecture.
  • Monitor and report Information Condition (INFOCON) changes to the networked environment/enclave.
  • Provide Information Security Continuous Monitoring (ISCM): asset monitoring, asset data correlation and analysis, assessment of the state of security controls and network management areas, and identification of reportable cyber events and incidents.
  • Support the security architecture for insider-threat prevention through user activity monitoring and auditing, and support chain-of-custody requirements as applicable for incident management.
  • Provide warning intelligence, take initial actions on it, and analyze cyber security threats to prevent and mitigate their potential impact.
  • Provide Attack Sensing and Warning (AS&W) support: receive and distribute information, and analyze suspicious or malicious network traffic to prevent and mitigate potential impact.
  • Provide Incident Handling support: analyze and detect cyber events and incidents, support preliminary cyber incident response actions, and analyze and develop responses to further mitigate operational and technical impact.

DirectViz Solutions, LLC provides equal employment opportunity to all individuals regardless of race, color, creed, religion, gender, age, sexual orientation, national origin or ancestry, disability, genetic information, veteran status, gender identification or any other characteristic protected by state, federal or local law.
