Detection Engineer with Security Clearance

WarCollar Industries

2024-11-07 13:40:33

Job location McLean, Virginia, United States

Job type: full-time

Job industry: I.T. & Communications

Job description

WarCollar Industries is currently looking to hire a Detection Engineer on a full time, permanent basis. This position must be performed onsite in McLean, VA and requires an active TS/SCI w/ Full Scope Polygraph security clearance.

Title: Detection Engineer
Location: McLean, VA

This position must be performed within shift hours either Sunday-Wednesday or Wednesday-Saturday.

Available Shift Hours:
• 1st ()
• 2nd ()
• 3rd ()

Summary:
WarCollar Industries wants you to join the team who protect and defend the largest target in the world using your expertise in Host Based IDS, IPS, and specialized network defense. This position will utilize the latest cyber tools available and assist in creating new ones while allowing you to advance the nation's information security posture.

Responsibilities:
• Creation, editing, and management of signatures, custom rules and filters for specialized network defense systems including but not limited to:
  • Network and host-based IDS, IPS, firewall, web application firewall
• Manage and administer the tuning of rules, signatures, and custom content for specialized CND applications and systems
• Identify potential conflicts with implementation of any CND tools within the enterprise and develop recommendations to remediate these conflicts
• Participate in inter-agency relationships with partner organizations to facilitate mission execution
• Provide innovation and creative solutions to challenging problems
• Provide logical use case development
• Provide and track requirements to engineering partners
• Identify gaps in visibility or coverage of cyber defense systems
• Prepare data analytics and reporting

Qualifications:
• Active TS/SCI w/ Full Scope Polygraph security clearance
• 3+ years of experience with Detection Assurance and rule validation in Cyber Security, InfoSec, Security Engineering or Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, data management
• Bachelor's Degree in Electrical Engineering, Computer Engineering, Computer Science, or other closely related Information Technology field of study
• Must possess a current DOD 8570 IAT Level I or CSSP-IR Certification (can be obtained after hire)
• Experience working with SOAR, Proxy, and SIEM systems
• Experience working with MITRE ATT&CK
• Experience using computer programming language(s) such as Python, JavaScript, Yara or Snort
• Familiarity with the following classes of enterprise cyber defense technologies:
  • Security Information and Event Management (SIEM) systems (Splunk and/or Splunk Enterprise Security)
  • SysMon
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Host Intrusion Detection System/Intrusion Prevention Systems (EDR/IDS/IPS)
  • Network and Host malware detection and prevention (EDR/NDR)
  • Network and Host forensic applications
  • Web/Email gateway security technologies
• Experience with MS Azure and/or any other cloud platforms such as AWS, GCP, Oracle, etc.
• Ability to demonstrate expertise utilizing SIEM tools for use case development and application
• Ability to demonstrate interpersonal, organizational, writing, communications, and briefing skills
• Ability to effectively use analytical and problem-solving skills
