Luna Data Solutions is seeking Network Security Analyst/Cybersecurity Engineer resources for several openings with our agency industry client located in Austin, TX. These are contract positions (12 months with possible extension). This is a hybrid role, where this resource will be expected to work onsite 2 days per week in Austin, TX.
Role: Network Security Analyst/Cybersecurity Engineer
Description:
Work involves administration of the client’s Cybersecurity Operations tool suite to provide real-time data, metrics, and correlated incident input to the CSOC Incident Response Team. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.
DUTIES
Custom Managed Scanning Services
The client has an existing Tenable scanning solution that requires full-time staff to support operation and management. Staff Augmentation provider will provide a minimum of two (2) Tier 3 engineers to support the following functions:
• Ensuring the solution is configured to the client’s requirements
• Scans are configured to scan all devices in the client environment
• Perform both credentialed and un-credentialed scans in accordance with agency security policies and standards
• Identify software installed on scanned systems with known vulnerabilities
• Perform targeted scanning to identify specific vulnerabilities within the client environment
• Identify rogue devices after each scan and notify client IT Operations and applicable service providers a minimum of monthly – rogue devices are those devices that are scanned but not identified as legitimate assets in the client environment
• Notify client IT Operations and applicable service providers of any identified vulnerabilities and misconfigurations in a method determined by TxDOT
• Advise client IT Operations and applicable service providers on methods to reduce vulnerabilities and misconfigurations.
• Advise client IT Operations and applicable service providers on methods to refine the client patching process so that scan results are communicated to the operational teams responsible for vulnerabilities and misconfigurations, and ensure these are mitigated or remediated in accordance with agency policy.
• Coordination with the team members building configuration baselines
• Administration of the Tenable application including coordinating with operational team for patching.
Custom Managed Endpoint Protection
The client has two (2) endpoint protection solutions that require full-time staff to support operation and management. Staff Augmentation provider will provide a minimum of one (1) Tier 3 engineer to support the following functions:
• Management and administration of EDR tool (currently Microsoft Defender for Endpoint and CISCO Secure Endpoint)
• Vendor Updates to tools
• Reporting
Managed CISCO Secure Network Analytics Service
The Managed Secure Network Analytics Service is a security service utilizing client-provided hardware that enables network visibility monitoring and alerting. Once network traffic reaches key network devices such as firewalls, routers, or switches, or devices designed to split network traffic such as SPAN or TAP ports, NetFlow records can be generated and sent to Secure Network Analytics. This gives the client better visibility of North-South traffic as well as East-West traffic. The client can define its own security policies and tailor the Secure Network Analytics alerts to match expected or unexpected network traffic. The Managed Secure Network Analytics Service supports the creation and monitoring of alerts, policies, and host groups. Additionally, the Managed Secure Network Analytics Service performs four critical activities for the client:
• Performance and Health Monitoring – Ensuring that the monitored device is operating as expected (e.g., up/down status), and monitoring system resource utilization (e.g., CPU, memory) and environmental indicators (e.g., temperature, power) as available through the specific endpoint management tool.
• Alert/Notifications – Providing alerts or notifications to the designated client point of contact or group of any variance from the specified norms for performance or system health and security related alerts/notifications as defined by the client’s security policy.
• Move/Add/Change/Delete (MACD) – Perform changes to the configuration of the Secure Network Analytics management system, as directed by the client.
• Patch and update installation – Ensure that the Secure Network Analytics system is up-to-date with the current software release (Version N) or current stable release (Version N-1)
Security Information and Event Management (SIEM) administration
The client currently utilizes the Microsoft Sentinel SIEM solution. The SIEM aggregates the event data produced by monitoring, assessment, detection, and response solutions deployed across application, network, endpoint and cloud environments. Capabilities include threat detection through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation, and response (SOAR). Staff Augmentation provider will provide a minimum of two (2) dedicated SIEM engineers to manage the Azure Sentinel SIEM solution.
• Provide content management
• Updates to correlations, alerting rules, customization of dashboards, views, and reports
Required Qualifications:
A minimum of 6 to 8 years of experience with deployment and configuration of Network Security monitoring and incident response tools (EDR, Scanners, SIEM, Netflow, etc)
A minimum of 6 to 8 years of experience with the administration of Network Security monitoring and incident response tools (EDR, Scanners, SIEM, Netflow, etc)
A minimum of 6 to 8 years of experience in intrusion detection and incident response activities
A minimum of 6 to 8 years of experience in effective, professional business communication and reporting
Preferred Qualifications:
Experience with the CISCO security suite of tools
Experience with Microsoft EDR tools
Experience with Microsoft Sentinel
Experience with the Tenable suite of tools
WORK HOURS AND LOCATION:
• 8 AM to 5 PM, Central Time, Monday through Friday except State holidays.
• Working overtime may be expected in order to meet tight deadlines.
• Candidate may be required to work evenings or weekends to meet business needs and deadlines.
• Work will be performed onsite in Austin, during normal business work hours. Telework is authorized at client discretion. The current requirement is to work in the office a minimum of twice a week.
• Note: Candidates living outside of Austin will be considered, and if hired, the work location will be 100% remote.
To apply, please send resume to sandy@lunadatasolutions.com for immediate consideration.
Luna Data Solutions is an Equal Opportunity Employer.