cFocus Software Incorporated

Security Engineer IV - Packet Capture - HHS STIM

cFocus Software Incorporated, Washington


Job Description: Security Engineer IV (Packet Capture)

Key Responsibilities

  • Set up, configure, and maintain Packet Capture (PCAP) infrastructure across cloud, on-premises, and hybrid environments.
  • Analyze network traffic and packet captures to detect anomalies, performance issues, and potential security threats (e.g., malware, DDoS, intrusion attempts).
  • Collaborate with SOC teams to support incident response efforts with deep packet inspection and threat prevention strategies.
  • Integrate packet capture tools with SIEM platforms and other log sources to enable advanced event correlation.
  • Develop and utilize APIs for integrating, visualizing, filtering, and automating workflows within packet capture environments.
  • Deliver and support critical production applications, ensuring high availability and scalability of PCAP tools.
  • Provide technical advisory for network security architecture and align packet capture solutions with organizational security strategies.
  • Participate in cross-functional threat detection and incident response activities.
  • Maintain detailed documentation of system configurations, processes, and service records.
  • Mentor junior engineers and provide subject matter expertise on packet capture technologies.
  • Participate in a 24/7/365 on-call rotation, ensuring operational readiness and support.

Required Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent combination of education and experience).
  • 10+ years of experience in Information Security, with a strong background in packet capture and network traffic analysis.
  • Hands-on experience with enterprise packet capture tools (e.g., NetWitness) and related technologies.
  • Proficiency in analyzing and troubleshooting LAN/WAN performance and network connectivity issues.
  • Knowledge of log formats (e.g., syslog, HTTP, database logs) and integration techniques.
  • Experience in developing and leveraging APIs for automation and visualization.
  • Familiarity with SIEM integration (e.g., Splunk, Cribl).
  • Strong problem-solving and analytical skills with the ability to work independently or in teams.
  • Excellent oral and written communication skills, including the ability to explain technical concepts to non-technical stakeholders.
  • Experience with federal security frameworks, including NIST SP 800-53 Rev. 5, DISA STIGs, and CIS Controls.
  • Ability to obtain and maintain required security clearances.
