Cyber Content Developer/SIEM Engineer (33 NWS) with Security Clearance
IPSecure Inc
2024-11-07 21:37:05
San Antonio, Texas, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
CYBER CONTENT DEVELOPER/SIEM ENGINEER (33 NWS) - JBSA LACKLAND, SAN ANTONIO, TEXAS - TS/SCI REQUIRED Job Description The Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives. Responsibilities Analyze DCO events. Apply current industry SIEM best-practices. Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks. Establish security control effectiveness and monitor for unauthorized outbound connections Create detections by analyzing log data across the enterprise. Develop dashboards and visualizations to identify adversarial activity. Use log data to establish and implement virtual tripwires for early detection. Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM. Conduct designing, implementing, and testing of various SIEM solutions. Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate. Create, test, and validate filters and rules. Build and implement event correlation rules, logic, and content in the SIEM. Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors. Analyze malware threats to develop behavior-based detections that alert and/or prevent malicious activity. Automate tasks in the SIEM using a common programming or scripting language. Create scheduled and ad-hoc reporting with SEIM tools. Create and maintain SIEM documentation. Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports. Basic Qualifications An active TS/SCI clearance. Ability to obtain the GIAC Certified Forensic Analyst (GCFA) Certification within 120-days of hire date OR have a BS or MS in Computer Science/Cyber Security. Preferred Qualifications 2+ years of SIEM technology (ex: Arcsight, Splunk, Devo and/or ELK). Experience with log handling, reports, filters, and rule creation. Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (ex: Air Force, Navy, Army, DC3, DISA). 3+ years of experience with Network Traffic Analysis; ports and protocols. SANS GCDA or equivalent certification(s). Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (ex: Open Source projects). 1+ year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto. Proficient in Python and PowerShell. Benefits Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance, and Hospital Indemnity Insurance available. EEOC Statement IPSecure is an Affirmative Action Employer and does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran.