Location: Richmond, VA
Duration: 3 Months
- Investigate, analyze, and respond to security events and incidents within the environment.
- Use data collected from a variety of security tools (e.g., SIEM, IDS, A/V) to analyze events for the purpose of mitigating threats.
- Conduct and document investigations of suspect or potential security incidents, policy and standards violations and compromises throughout the enterprise, including audits of complex computer applications and technological solutions.
- Monitor intrusion attempts and system logs, and ensure applicable system configurations are consistent with enterprise information security policy.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of Windows/Linux/Unix OS, ports and services.
- Skill in SQL, PowerShell, Active Directory Services, Group Policy.
- Knowledge of network traffic analysis methods and skill in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
- Skill in using security event correlation tools.
- Skill in vulnerability assessment tools and management.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
- Skill of identifying, capturing, containing, and reporting malware.
- Skill in security incident response, digital forensics, penetration testing