Huntington Ingalls Industries EVENT MANAGEMENT ANALYST 1 in Newport News, Virginia
EVENT MANAGEMENT ANALYST 1
External Job Description:
CSIRT Event Handlers are responsible for CNDC event management, which includes the development, implementation, and maintenance of all CNDC-related security events and alerts.
• Event Handling – Respond to information security events (Intrusion, Malware, Phishing, etc.) as received via email alert/alarm or anomalous behavior observed in security logs.
• Security Monitoring – Collect and correlate logs from various sources to include intrusion detection systems, firewalls, border routers, email gateways, web proxy, endpoints, etc. Examine logs specific to monitoring network/computer activities for anomalous behavior.
• Event Management – Correlate events and create custom rules based on provided threat intel for high fidelity alerting.
• Event Handler
• Security Monitor
• Custom Rule Developer
• Respond appropriately to all CND generated alerts
• Quickly determine (within 15 minutes) if an alert needs to be escalated up to the IR team or another SME brought in
• Update workflows and processes on managing alerts
• Gather metrics and statistics on events for reporting to management
• Monitor security devices including, but not limited to, SIEM, IDS, Flow Collector, etc. for anomalous behavior
• Monitor spam submittals and secure email gateway alerts for targeted phishing attacks
Custom Rule Developer:
• Receive IOCs such as IP addresses, domains, unique process names, process paths and services to create new signatures for host/network behaviors
• Tweak rules to avoid false positives and create high fidelity alerts
Investigates and analyzes all response activities related to cyber incidents within the network environment or enclave. Collects data from a variety of Computer Network Defense (CND) tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyze events that occur within their environment. Provides operations for persistent monitoring of all designated networks, enclaves, and systems. Interprets, analyzes, and reports all events and anomalies in accordance with computer network directives, including initiating, responding, and reporting discovered events. Executes first level (initial) responses and addresses reported or detected incidents. Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Performs vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. May prepare and present technical reports and briefings. May perform documentation, vetting and weaponization of identified vulnerabilities for operational use.
Auto req ID:
Event Management Handler-Entry Level 1
Bachelor’s Degree and 0 years of experience. A relevant professional certification can be substituted for a Bachelor’s Degree.
NN SHIPBUILDING (0265)
Yes, 25% of the time
Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry. For more than a century, HII’s Newport News and Ingalls shipbuilding divisions in Virginia and Mississippi have built more ships in more ship classes than any other U.S. naval shipbuilder. HII’s Technical Solutions division provides a wide range of professional services through its Fleet Support, Mission Driven Innovative Solutions, Nuclear & Environmental, and Oil & Gas groups. Headquartered in Newport News, Virginia, HII employs more than 40,000 people operating both domestically and internationally.
No relocation assistance available
Newport News-Virginia-United States
US Citizenship Required for this Position:
Equal Opportunity Employer - Veterans/Disabled Welcome. U.S. citizenship required for most positions.