Bachelor’s degree in a related specialized area or equivalent is required plus a minimum of 8 years of relevant experience; or Master’s degree plus a minimum of 6 years of relevant experience.
Knowledge, Skills and Abilities: Senior Splunk Administrator
– Advanced knowledge of backend operating systems to implement, maintain, configure, and remediate issues (UNIX/Linux/Windows)
– Knowledge of operating systems and networking
– Understanding of SIEM & logging fundamentals
– Understanding of SOC Monitor and Response fundamentals
– Experience in any type of SIEM – Splunk, ArcSight, LogRhythm, etc.
– Experience with implementation of SIEM products and tools
– Understanding of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
– Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
– Knowledge of applications, databases, middleware to address security threats against the same
– Proficient in preparation of reports, dashboards and documentation
– Excellent communication and leadership skills
– Ability to handle high pressure situations with key stakeholders
– Good analytical skills, problem solving and interpersonal skills
– Working knowledge and experience with MS Office with proficiency in Excel
Preferred degree types and experience: The leading candidate will have a Bachelor’s Degree in Computer Science, a related field, or equivalent experience, with a minimum of 5 years of experience in a SOC, or an Associate’s Degree in Computer Science, Information Systems, Cyber Security, or related discipline with a minimum of 7 years of experience in a SOC. Strong candidates will have previous experience working with users and possess a talent for problem-solving as well as organization and time management skills.
Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination
So do you have any suggestions for someone starting out in IT Security? What certifications, knowledge, training, forums, do you suggest? They will pay for the A+ cert, Network+ and Security+ certification. Do you have any suggestions for someone just starting out in security? After CompTIA what should I focus on? Although I’m not sure yet of my final career goals, I’d like to first get a job very quickly in IT security, hopefully with the government, state, or any local government; when I say quick I mean within the next few weeks. Thanks Rob for whatever info you can suggest.
If you want a job fast I would suggest checking out simplyhired.com. I would also put my resume out on Monster.com, if you have not already done so. If you want a security job the Security+ is the way to go, but also consider doing a search on Monster and simplyhired to look at the skills and certifications that employers are looking for. Pay particular attention to keywords and phrases that they are using. You will know the keywords/phrases because they are repeated in nearly every resume for your chosen career path and/or job title.
How I get Jobs Fast
For example, in my career “system security engineer” and “information security officer” I see the following keywords/phrases over and over: security clearance, cissp, 8500, diacap. I noticed that when I have these keywords on my resume, I get calls almost DAILY from all over the US. Here is how you can do the same:
1) Find a good job title that fits what you do or what you want to do
2) Do a search for that job title [use google, simplyhired.com, monster.com, dice.com or any other search engine/job database]
– Read through the job results and try to find keywords/phrases that seem to be in most or all of the jobs listed
3) Try to get as many of the applicable keywords/phrases in your resume
– Either have the skills required for the chosen job title or begin working toward them
– I am not suggesting that you put lies on your resume, you’ll have to look for job titles that you have experience & skills in
– Don’t mess with stuff that is completely out of your league or level of expertise; be honest on your resume
– Sometimes employers will take you if you are willing to learn the skills or earn the required certification/degree in a certain time frame. Put that on your resume.
4) Put your resume [with keywords/phrases in place] online, as many places as you can
Research Employer Demand in certain locations
I am from California and I have been trying for years to find a decent job (for what I do) there. They’ve got them in southern California but almost none in Northern. California seems to be lacking jobs and then they don’t want to pay comparable to the cost of living there. I noticed that Cali has a LOT of networking jobs. If you type in CCNP in simplyhired.com for Cali, you’ll find a lot of good paying jobs. The problem is that CCNP is a very difficult certification to get (or so I’ve heard).
I would recommend checking out what sort of IT skills employers are looking for in the area you want to work. For example, even though I have lots of certifications, most of the ones that I have [that are still active lol] won’t help me for moving back to Northern California. I researched it and found that they are mostly looking for Network Engineers [as of 2006-2010] and my Cisco routing and switching skills are still developing.
Play Capitalism’s Game: Start a Business
Another option is to start your own business. This may sound daunting, but believe it or not my website elamb.org qualifies as a business. It took me about 1 year to get it making money, but now it makes between $400 – 800/month without me even looking at it. It has made as much as 2k and I know people who make more in a month than many people make in a year with their blogs. It is becoming harder and harder to be an employee. Companies do the bare minimum to take care of employees, the economy goes in a recession (or worse) and hard working people cannot find a job and the value of the dollar fluctuates on a downward spiral. It seems the only way to be comfortable in this new “capitalism” is to have multiple streams of income.
If you are interested, start at your state’s business page and here
My greatest skill is procrastination. I really am the best, most skilled procrastinator I know. It takes all of my will power to stay consistent with anything, including this blog, which is why (among other things) I am not banking like Darren Rowse or Steve Pav, two of my favorite bloggers.
YOU SEE, I am such a good procrastinator that I JUST procrastinated on getting to the REAL subject of this article, security, IA updates.
A fellow IA Analyst wrote me with questions that got right to the heart of IA… change.
She asked about AFI 33-202.
And I said:
Right as I felt I had mastered the contents of 33-202, the Air Force moved to 33-210 (to replace all its C&A stuff). I believe 33-202 is now obsolete and replaced with 33-200 & 33-202 and others.. last time I was with the AF, anyway.
What about IT LEAN?
As for IT Lean, you can find that on AF Knowledge Now site and I think they have links to it on EITDR. If you are interested in IT Lean you’ll be REALLY interested in 33-210: 33-210
But if you are working with the Air Force and want more on the IT LEAN process you should be digging into AFCAP, Air Force Certification & Accreditation Program, an AF version of IT Lean.
A lot of people also ask me to send them a copy of the CNSSI 12-53. But it is actually OUT. It’s the CNSSI 1253. I, personally, have not had any clear direction (currently NO direction) on how to start moving some of the CNSSI to the systems I work on. I suspect that the Govt. will start this within the next couple of years and start phasing out DIACAP.. but who the hell knows what a bureaucracy of their size will do next!
Lastly, my fellow IA Analyst asked me about EITDR
and I said:
You’ll find the EITDR POCs on the Air Force Portal or Knowledge Now. Log on to the Air Force Portal (if you don’t have an account get one.. you may have to get sponsored by the Govt to get it). Once on the AF Portal search for EITDR and they’ll have tons of stuff on it. Waaaaay more stuff than you want to read. You’ll also find the person you need to start the EITDR process with.
Thank you for the fine work of protecting President George W. Bush. Regardless of my personal disagreements with about 90% of his administration’s actions I wish nothing beyond a very irritating groin rash on the man who has been my president from 2000 – 2008.
I hope that you can do the same thing for President Obama. I am certain you’ll be proactive in your security techniques. I am definitely not questioning whether or not you are good at your job.
As an American citizen I just ask that you go one step further by looking at potential insider threats. I’m not trying to promote some sort of conspiracy theories or anything and I certainly don’t have any reason to believe that your current staff is stocked with traitors of the American Republic. I’m just pointing out potential threats.
To let harm befall such a great American who has become a symbol of hope for people around the world would be a serious blemish on YOU.