Systems Planning and Analysis, Inc.

  • Cybersecurity Engineer

    Job Locations US-VA-Alexandria
    Information Technology
    Regular Full-Time
  • Overview

    The Information Technology (IT) Network Operations Team establishes and maintains the technology, infrastructure, and application support services required by our analysts to deliver timely, objective, and cost-effective analysis.  We design, develop, and deploy hardware- and software-based solutions in close coordination with SPA’s client-facing groups all while implementing measures to ensure network security and protect customer data. #IN123


    Play a leading role in security and protection of SPA electronic assets and data. In this position, you will focus on continuous monitoring, incident response, and ensuring the health of security systems.  Work collaboratively with teammates across the organization using a combination of both internal and external resources to effectively safeguard company networks, protect customer data, meet/exceed internal and external security compliance requirements, and make recommendations to improve SPA security posture.


    Key role responsibilities include, but are not limited to:

    • Support all aspects of Information Security Operations initiatives.
    • Monitor and analyze Intrusion Prevention Systems (IPS).
    • Leverage SIEM systems such as Splunk, ArcSight, and QRadar to identify security issues for remediation.
    • Support the deployment of new security technologies.
    • Ingest indicators of compromise from various information sources.
    • Assist in the meeting of strict security compliance requirements.
    • Conduct open source research to stay informed of emerging cyber security threats.
    • Participate in simulated social engineering exercises to raise organizational security awareness.
    • Proactively recognize intrusion attempts and compromises through triage of relevant event detail and summary information.
    • Tune and refine security alerts to meet the needs of a changing environment.
    • Communicate alerts to IT leadership regarding intrusions/compromises to network infrastructure, applications, and operating systems.
    • Assist in the implementation of counter-measures and/or mitigating controls.


    • Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, Systems Engineering or related technical discipline OR 4+ years of previous IT security and systems engineering experience.
    • 2+ years of cybersecurity experience.
    • Security Information Event Management (SIEM) experience, preferentially using Splunk Enterprise Security.
    • Experience working with Application Whitelisting such as Cb Protection.
    • Relevant cybersecurity certification e.g. Security+ CE, CISSP, GREM, GCIH, GCIA, CEH, CISM, GCED, GCFA, OSCP.

    Preferred Qualifications:

    • Strong working knowledge of cybersecurity event triage and incident response using advanced endpoint threat detection and response tools such as Cb Response, Tanium, or RSA Netwitness Endpoint (Ecat).
    • Strong foundational networking knowledge covering VLANs and Networking Protocols (i.e DNS, DHCP, TCP).
    • Possess fundamental knowledge of Windows and Cisco operating systems, and the ability to analyze network traffic and information security events.
    • Experience working with endpoint security tools including anti-virus, host firewalls and intrusion prevention systems, and endpoint encryption.
    • Experience ingesting indictors of compromise (IOCs) from various sources, and using information gleaned to protect organizational networks.
    • Experience managing email security appliances such as Cisco IronPort Email Security Appliances, ProofPoint Email Protection, etc.
    • Fundamental knowledge of various firewall types including Stateful Inspection Firewalls, Next Generation Firewalls, etc.
    • Experience working with web filtering solutions.
    • Knowledge of common attack vectors and attacker tactics, techniques, and procedures (TTPs).
    • Familiarity with common malware types and their associated symptoms including ransomware, spyware, trojans, worms, key loggers, etc.
    • Working knowledge of cyber incident response procedures and static malware analysis.
    • Technical knowledge of network operations, server architectures, storage solutions, and desktop hardware and software.
    • Possess the ability to work as a team member in a dynamic and challenging environment.
    • Possess the ability to effectively communicate with peers, supervisors, and members of senior management.
    • DoD Secret clearance or higher.



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed