Cyber Content Developer Job at IPSecure, Inc in San Antonio
IPSecure, Inc, San Antonio, TX, United States
CYBER CONTENT DEVELOPER / SIEM ENGINEER
JBSA LACKLAND, SAN ANTONIO, TEXAS – TS/SCI REQUIRED
Job Description
The Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.
Responsibilities
Analyze DCO events.
Apply current industry SIEM best‑practices.
Use security alerts correlated with log enrichment data to enhance the operator’s ability to identify real attacks.
Establish security control effectiveness and monitor for unauthorized outbound connections.
Create detections by analyzing log data across the enterprise.
Develop dashboards and visualizations to identify adversarial activity.
Use log data to establish and implement virtual tripwires for early detection.
Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM.
Conduct designing, implementing, and testing of various SIEM solutions.
Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate.
Create, test, and validate filters and rules.
Build and implement event correlation rules, logic, and content in the SIEM.
Tune SIEM event correlation rules and logic to filter out security events associated with known and well‑established network behavior, known false positives and/or known errors.
Analyze malware threats to develop behavior‑based detections that alert and/or prevent malicious activity.
Automate tasks in the SIEM using a common programming or scripting language.
Create scheduled and ad‑hoc reporting with SEIM tools.
Create and maintain SIEM documentation.
Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
Basic Qualifications
An active TS/SCI clearance.
Ability to obtain the GIAC Machine Learning Engineer (GMLE) Certification within 120‑days of hire date OR have a BS in Computer Science or MS in Computer Science/Cyber Security.
Preferred Qualifications
2+ years of SIEM technology (ex: Arcsight, Splunk, Devo and/or ELK).
Experience with log handling, reports, filters, and rule creation.
Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (ex: Air Force, Navy, Army, DC3, DISA).
3+ years of experience with Network Traffic Analysis; ports and protocols. SANS GCDA or equivalent certification(s).
Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (ex: Open Source projects).
1+ year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
Proficient in Python and PowerShell.
Benefits
Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance and Hospital Indemnity Insurance available.
EEOC Statement
IPSecure does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran.
#J-18808-Ljbffr
In Summary: Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting . Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives .
En Español: CYBER CONTENT DEVELOPER / SIEM ENGINEER JBSA LACKLAND, SAN ANTONIO, TEXAS TS/SCI REQUIREDO Descripción del trabajo El desarrollador de contenido cibernético/ingeniero SIEM implementa casos de uso basados en los requisitos de la misión que proporcionan a los analistas una visión manejable SIEM de incidentes de seguridad, junto con el flujo de trabajo e informes. Además, proporciona mantenimiento proactivo de contenidos asociados (casos de uso) teniendo en cuenta las revisiones y/o desmantelamiento. Estará en estrecha colaboración con el liderazgo de DO y DM para garantizar que las tareas se alineen con los requisitos, prioridades e iniciativas futuras del escuadrón. Responsabilidades Analizar eventos adversarios DCO. Aplicar las mejores prácticas SIEM actuales de la industria. Usar alertas de seguridad correlacionadas con datos de enriquecimiento de registros para mejorar la capacidad del operador de identificar ataques reales. Establecer la eficacia del control de seguridad y monitorear conexiones salientes no autorizadas. Crear detecciones mediante el análisis de datos de registro en toda la empresa. Sin GCDA o certificación equivalente. Conocimiento extenso del marco MITRE ATT&CK, y sus usos dentro de la comunidad de ciberseguridad (ex: proyectos Open Source). 1+ año de experiencia con plataformas de seguridad, orquestación, automatización y respuesta (SOAR) como Phantom y/o Demisto. Proficiente en Python y PowerShell. Beneficios médicos, dentales, visión, vacaciones ilimitadas, licencia por enfermedad, días festivos federales pagados, programa de educación y reembolso de certificaciones 401 ((k) plan de jubilación con un puerto seguro después de 3 meses, plan legal prepagado y plan de protección de identidad disponible, Seguro de accidente, seguro crítico y seguro de indemnización hospitalaria disponibles.
JBSA LACKLAND, SAN ANTONIO, TEXAS – TS/SCI REQUIRED
Job Description
The Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.
Responsibilities
Analyze DCO events.
Apply current industry SIEM best‑practices.
Use security alerts correlated with log enrichment data to enhance the operator’s ability to identify real attacks.
Establish security control effectiveness and monitor for unauthorized outbound connections.
Create detections by analyzing log data across the enterprise.
Develop dashboards and visualizations to identify adversarial activity.
Use log data to establish and implement virtual tripwires for early detection.
Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM.
Conduct designing, implementing, and testing of various SIEM solutions.
Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate.
Create, test, and validate filters and rules.
Build and implement event correlation rules, logic, and content in the SIEM.
Tune SIEM event correlation rules and logic to filter out security events associated with known and well‑established network behavior, known false positives and/or known errors.
Analyze malware threats to develop behavior‑based detections that alert and/or prevent malicious activity.
Automate tasks in the SIEM using a common programming or scripting language.
Create scheduled and ad‑hoc reporting with SEIM tools.
Create and maintain SIEM documentation.
Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
Basic Qualifications
An active TS/SCI clearance.
Ability to obtain the GIAC Machine Learning Engineer (GMLE) Certification within 120‑days of hire date OR have a BS in Computer Science or MS in Computer Science/Cyber Security.
Preferred Qualifications
2+ years of SIEM technology (ex: Arcsight, Splunk, Devo and/or ELK).
Experience with log handling, reports, filters, and rule creation.
Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (ex: Air Force, Navy, Army, DC3, DISA).
3+ years of experience with Network Traffic Analysis; ports and protocols. SANS GCDA or equivalent certification(s).
Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (ex: Open Source projects).
1+ year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
Proficient in Python and PowerShell.
Benefits
Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance and Hospital Indemnity Insurance available.
EEOC Statement
IPSecure does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran.
#J-18808-Ljbffr
In Summary: Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting . Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives .
En Español: CYBER CONTENT DEVELOPER / SIEM ENGINEER JBSA LACKLAND, SAN ANTONIO, TEXAS TS/SCI REQUIREDO Descripción del trabajo El desarrollador de contenido cibernético/ingeniero SIEM implementa casos de uso basados en los requisitos de la misión que proporcionan a los analistas una visión manejable SIEM de incidentes de seguridad, junto con el flujo de trabajo e informes. Además, proporciona mantenimiento proactivo de contenidos asociados (casos de uso) teniendo en cuenta las revisiones y/o desmantelamiento. Estará en estrecha colaboración con el liderazgo de DO y DM para garantizar que las tareas se alineen con los requisitos, prioridades e iniciativas futuras del escuadrón. Responsabilidades Analizar eventos adversarios DCO. Aplicar las mejores prácticas SIEM actuales de la industria. Usar alertas de seguridad correlacionadas con datos de enriquecimiento de registros para mejorar la capacidad del operador de identificar ataques reales. Establecer la eficacia del control de seguridad y monitorear conexiones salientes no autorizadas. Crear detecciones mediante el análisis de datos de registro en toda la empresa. Sin GCDA o certificación equivalente. Conocimiento extenso del marco MITRE ATT&CK, y sus usos dentro de la comunidad de ciberseguridad (ex: proyectos Open Source). 1+ año de experiencia con plataformas de seguridad, orquestación, automatización y respuesta (SOAR) como Phantom y/o Demisto. Proficiente en Python y PowerShell. Beneficios médicos, dentales, visión, vacaciones ilimitadas, licencia por enfermedad, días festivos federales pagados, programa de educación y reembolso de certificaciones 401 ((k) plan de jubilación con un puerto seguro después de 3 meses, plan legal prepagado y plan de protección de identidad disponible, Seguro de accidente, seguro crítico y seguro de indemnización hospitalaria disponibles.