Are you an accomplished IT professional with experience in ZEEK?

Are you ready for the next step up in your professional career?

Hill Associates, a leading IT Consultant, has an immediate opening for a full-time:

ZEEK Engineer/ Subject Matter Expert (SME):

 

  • Experience in customizing configurations of deployed ZEEK sensors to maximize detection of threats against a Federal Agency’s infrastructure.

  • U.S. Citizen.

  • Active Secret Clearance (or higher).

In this important role, you will have a premier opportunity to apply your ZEEK experience to systems supporting Department-wide security operations for a major Federal Government Agency in the DC metro area.

The position is currently telework

Under normal conditions, the primary work location is at a metro accessible (Silver Line) location in Vienna (Tysons Corner) Virginia, with occasional travel to Government offices in downtown Washington, DC. No travel outside the DC metro area is anticipated.

If you are an experienced ZEEK engineer / SME who thrives in a high-paced, collaborative environment, then we want to hear from you!

What You’ll Get to Do:

  • Support a major Federal Government Agency’s Security Operations Center (SOC).

  • Work directly with the information security team leadership.

  • Maximize the capabilities within the Zeek framework to enhance threat detection across the Agency’s networks.

  • Convert existing Snort Signatures over to Zeek.

  • Once the Zeek sensors are optimized, assist in terminating the Snort infrastructure, enabling the Agency to optimize and focus solely on Zeek.

  • Collaborate with the SOC Threat and Risk Team to identify new signature requirements and build new process analytic functionality.

  • Work with the SOC DevOps team to configure systems to perform the following:

  • Signature development, sensor signature configuration, signature deployment.

  • Protocol network flow analytic configuration & tuning.

  • File carving.

  • SSL certificate detection.

  • Alert generation management.

  • Train SOC analysts to effectively monitor Zeek.

You’ll Bring These Qualifications:

  • Must be a US Citizen.
  • Active Secret Clearance (or higher).
  • Bro/Zeek engineering / support expertise.
  • Solid working knowledge of Pulled Pork and Aanval Snort management systems.
  • Highly desire a strong understanding of common server / application protocols.
  • 2+ years of Linux experience and/or Linux certification.
  • 3+ years of experience supporting a large enterprise environment.
  • Ideal candidates will be team players with strong interpersonal skills.

Hill Associates is an affirmative action and equal opportunity employer. Employment decisions will be made without regard to race, color, religion, sex, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or other characteristics protected by law.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Hill Associates Recruiting Team at 202-656-6509 or via email at careers@hillasc.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

What We Can Offer You:

Hill Associates offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.