
XCEL ENGINEERING INC Associate Cybersecurity Engineer in Oak Ridge, Tennessee

COMPANY OVERVIEW

XCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP), which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Consider joining our impressive team today!

JOB OVERVIEW

XCEL Engineering has an opening for an Associate Cybersecurity Engineer to immediately support their Defensive Cyber Operations (DCO) team. This position's primary responsibility is to conduct event triage in a tiered operational security model while training in and supporting vulnerability management and threat intelligence tasks.

This is a full-time, permanent position that will work onsite in Oak Ridge, TN.

ESSENTIAL FUNCTIONS

  • Provide technical advice and identify cyber security areas in need of improvement, including operational as well as research capabilities.
  • Use data analysis techniques to identify internal and external cyber security threats and malicious activity based on relevant indicators. Develop, modify, and/or acquire tools to analyze data to generate reports or visualizations.
  • Support cyber security activities regarding intrusion incidents, malicious activity, protective actions, and remediation on ORNL classified and unclassified systems.
  • Collaborate with cyber security, network, data center operations, security operations center, cyber security research, and other staff to ensure appropriate configuration and implementation of security tools, with a focus on Elastic to provide effective capture of security relevant data for alerting of performance problems and security concerns.
  • Standardize, document, maintain, and automate the network and cyber processes for monitoring, analyzing, and responding to events.
  • Develop written and oral presentations that convey complex technical concepts and issues, including evaluation of cyber security incidents, to ORNL and DOE staff with varying levels of experience and technical expertise.
  • Prepare assessments, develop dashboards, document results, and provide status reports and recommendations to the Cyber Security Group Leader, CISO, and ITSD management.

BASIC QUALIFICATIONS

  • Bachelor's Degree in Computer Science or related field or combination of experience and education will be considered.
  • Experience in Cyber Security
  • Experience utilizing a SIEM in a production Security Operations Center (SOC)
  • Experience with Hadoop, Accumulo, Elastic Stack, Spark, and/or related technologies
  • Experience planning, designing, and implementing cyber security improvements and associated metrics to assess impact.
  • Extensive knowledge of information technology and cyber security topics, including network flow, log analysis, cyber security visualization, and programming.
  • Ability to perform network-centric forensic analysis (Network Security Monitoring and related disciplines)
  • Ability to perform log-centric analysis (application logs, operating system events, authentication data, etc.)
  • Engage in cyber threat hunting activities
  • Possess strong analytical skills - able to efficiently evaluate data sources and communicate analysis effectively.
  • Experience integrating with cyber security research organizations to develop new capabilities and leverage expertise in analysis of large data sets.
  • Demonstrated ability to create tactical, ad hoc scripts to supplement existing tool base as needed.
  • Experience with network security monitoring tools (Snort, Suricata, Bro, Wireshark, tcpdump, NSM, etc.) and with the techniques required to properly analyze and respond to information security events
  • Experience extracting and correlating large data sets (Elastic Stack)
  • In-depth experience reading and evaluating computer-generated logs (e.g., Kafka, IDS logs, virus logs, etc.).
  • Able to communicate effectively at all levels of an organization.
  • Ability to work in a fast-paced, enterprise environment.
  • Demonstrated ability to work in a team environment, able to coach and mentor other team members.
  • Must provide outstanding customer support and possess the ability to work well with peer security professionals, researchers, system administrators, desktop support specialists, and help desk specialists.
  • A highly motivated individual who strives for excellence and will drive success regardless of obstacles.
  • This position may require some after-hours work and occasional travel.
  • This position may require the ability to obtain and maintain a security clearance from the Department of Energy, which requires U.S. Citizenship. Therefore, passing a pre-placement drug test and participation in an ongoing random drug testing program is required.

Preferred Qualifications:

  • Master's Degree in Computer Science or related field.
  • Experience with Agile methodologies and Atlassian products
  • Security industry certifications are a plus, e.g. CISSP, GCIA, GCIH
  • Comprehensive understanding of cyber threat actors and their corresponding methods/tactics.
  • Experience in data visualizations, machine learning, batch/streaming analytics, program data flow, reverse engineering, vulnerability research, emulation, symbolic execution, network security, block-chain applications, bot detection, natural language processing, or other related area.
  • Ability to perform host-centric analysis (tactical forensic analysis, memory analysis, malware detonation, and reverse engineering)
  • Experience evaluating suspect assets using forensics applications and other host based tools (file, memory, and disk analyzers)
  • Advanced understanding of Linux, Unix, Mac and Windows operating systems.
  • Experience with business strategy, improving processes, and making recommendations in business processes and policies for operational metrics and results
  • Experience planning, developing, and/or integrating SOAR with SIEM
  • Experience with UEBA
  • Effective at communicating clearly to technical and business audiences.
  • Able to grasp and learn new technologies and applications. Technical skills on par with system administrator, developer, security engineer, or security researcher.
  • Experience with DOE facilities or other government entities is a plus.
  • Experience working in large scale (> 5000) employee research environments is a plus.

PHYSICAL REQUIREMENTS and ENVIRONMENTAL CONDITIONS

  • Inside office environment.
  • Working on a computer for long periods of time.
  • May involve long periods of sitting at a desk.
  • Stoop, kneel, crouch, crawl, and climb ladders as required.
  • Repeatedly lift and carry weight up to 50 pounds.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transge
