Security Information and Event Management (SIEM) - Military veterans preferred

2025-07-16
Infinity Technology Services LLC
Other



NW Washington
District of Columbia
20401
United States

Job Summary

***Hybrid Opportunity***

Infinity Technology Services, LLC (ITS) is seeking a qualified candidate for a full-time Security Information and Event Management (SIEM) position to support a confidential contract in Washington, DC.

Key Responsibilities:

Duties and responsibilities include, but are not limited to:

  • Log Management 
    • Review of ingestion and normalization of logs 
    • Ability to ingest and analyze all common log formats 
    • Consulting on log storage method and pricing tier  
    • Consulting on cost management recommendations for log pricing  
  • Sentinel  
    • Sentinel management with regularly updated baseline  
    • Continuous deployment of updated rules  
  • Threat Intelligence 
    • Disburse threat intelligence to key employees 
    • Ability to share hardening recommendations and update baseline from lessons learned across full client base  
  • Staff support 
    • Educational development – ability to leverage Microsoft partnership and team’s technical knowledge to hold workshops and training on Azure and M365 Cloud Services  
  • Continuous Improvement 
    • Review of Architecture to look for gaps in cybersecurity solution 
    • Drive efficiencies in logging and log storage
  • Program Management Support 
    • Recurring operational touchpoints 
    • Quarterly Executive Management reviews
  • Automated Response 
    • Utilize an expert system designed to enhance security investigations by leveraging comprehensive data analysis capabilities. It seamlessly integrates both external and internal data sources to gather, correlate, and analyze entity-related information, ensuring a holistic view of each security case. The expert system employs sophisticated algorithms to cross-reference and validate data, making precise determinations or enriching cases with substantial evidence. This process not only aids analysts in making informed decisions but also accelerates the incident response time by providing actionable insights and detailed context. By automating the investigation workflow, our expert system significantly reduces the manual effort required, allowing security teams to focus on more complex threats and strategic initiatives. 
  • 24x7x365 monitoring of security events 
    • Desktop Advanced Endpoint Detection and Response – threat detection and threat response services built on an advanced endpoint detection and response technology such as Microsoft Defender, 365 Defender, Defender for Office, Trellix, etc.
    • Server Security Detection and Response – threat detection and threat hunting services to quickly detect and investigate endpoint attacks on server endpoints
    • Firewall Security Monitoring Service – monitoring and management of security and system health-related alarms; alerting and notification of validated attack threats on the primary firewall and network devices
    • AD User Monitoring – monitoring, logging and reporting of Active Directory user behavior security alarms; alerting and notification of validated attack threats according to applicable user activity
  • Ability to analyze syslog and CEF  
  • Custom alerting capabilities based on business requirements. 
  • Incident management support for SOC  
  • Recurring operational reviews with designated SOC Lead 
  • Provide recommended best business practices when responding to events 

Preferred Qualifications:

  • Minimum of 3 years of experience with Microsoft Defender for Endpoint deployment or similar EDR solutions

Education:

  • Bachelor's Degree

Clearance Requirement:

  • No security clearance required, must be able to pass a National Agency Check (NAC)

Salary Note: 

In compliance with Washington’s Equal Pay and Opportunities Act, the salary range for this position will be based on a combination of education, experience, and assigned responsibilities.

ITS, LLC is an Equal Opportunity Employer, including veterans and individuals with disabilities.

U.S. Citizenship is required.


PI275537824