Content Developer (SIEM Cyber Security) Job at Bristol Bay Native Corporation in San Antonio, TX, United States
Lackland Air Force Base, San Antonio, TX, USA
Job Description
Posted Thursday, January 15, 2026 at 6:00 AM
STS Systems Defense, LLC (SSD) is a government consulting and contracting firm supporting federal agencies and military installations across the U.S. We are seeking a Content Developer (SIEM Cyber Security) at Lackland AFB in San Antonio, TX.
What You'll Do:
Analyze DCO events.
Apply current industry SIEM best practices.
Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks.
Establish security control effectiveness and monitor for unauthorized outbound connections.
Create detections by analyzing log data across the enterprise. (CDRL A007)
Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
Use log data to establish and implement virtual tripwires for early detection.
Analyze and ingest security logs into the SIEM, optimizing for SIEM performance.
Design, implement, and test various SIEM solutions. (CDRL A007)
Create and support the creation of SIEM use cases, and understand which alerts and log enrichment are necessary to meet the required acceptable false positive rate. (CDRL A008)
Create, test, and validate filters and rules. (CDRL A007)
Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors.
Analyze malware threats to develop behavior-based detections that alert on and/or prevent malicious activity.
Automate tasks in the SIEM using a common programming or scripting language.
Create scheduled and ad-hoc reporting with SIEM tools. (CDRL A007 and A008)
Create and maintain SIEM documentation. (CDRL A008)
Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
Utilize SIEM to develop metrics collection, analysis, and create reports upon request.
Provide training to government personnel as requested.
Provide knowledge transfer of tools, processes and procedures to government personnel as requested.
Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)
Support operational leadership's tasking as it relates to Content Development functions and responsibilities.
What You Bring:
Requirements:
Active TS/SCI
GMLE Certification (GIAC Machine Learning Engineer) OR Degree in Computer Science
More than 5 years of SIEM technology such as ArcSight, Splunk, and/or ELK.
More than 3 years with network traffic analysis, ports, and protocols.
BA/BS or MA/MS.
More than five (5) years of SIEM technology such as ArcSight, Splunk, and/or ELK, including, but not limited to, log handling, reports, filters, and rule creation.
Extensive knowledge of IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (e.g., Air Force, Navy, Army, DC3, DISA).
More than three (3) years of experience with network traffic analysis, ports, and protocols.
SANS GCDA or equivalent certification(s).
Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open source projects).
Additionally, more than one (1) year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
Proficient in Python and PowerShell.
What We Offer:
STS Systems Defense, LLC offers a competitive benefits package that includes paid holidays, paid time off including sick and vacation leave, medical, dental and vision insurance, flexible spending accounts, short- and long-term disability, company-paid life insurance, 401(k) with a company match and discretionary profit sharing, and tuition reimbursement.
SSD is an Equal Opportunity Employer. Employment decisions are made without regard to any protected category. Hiring preference will be given to BBNC shareholders, their spouses and descendants, and Alaska Natives in accordance with Public Law 93-638.