Content Developer (SIEM Cyber Security)
Company: Bristol Bay Shared Services
Location: San Antonio
Posted on: January 27, 2023
Job Description:
STS Systems Support, LLC. (SSS) is seeking a Content Developer (SIEM Cyber Security).

Requirements:
- DoDD 8570.01-M/8140.01 IAT Level III, CND
- Active TS/SCI
- BA/BS or MA/MS
- More than five (5) years with SIEM technology such as ArcSight, Splunk, and/or ELK, including, but not limited to, log handling, reports, filters, and rule creation
- More than three (3) years of experience with network traffic analysis, ports, and protocols
- Extensive knowledge of IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA)
- SANS GCDA or equivalent certification(s)
- Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open source projects)

Desired:
- Additionally, more than one (1) year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto
- Proficient in Python and PowerShell

Duties:
- Analyze DCO events.
- Apply current industry SIEM best practices.
- Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks.
- Establish security control effectiveness and monitor for unauthorized outbound connections.
- Create detections by analyzing log data across the enterprise. (CDRL A007)
- Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
- Use log data to establish and implement virtual tripwires for early detection.
- Analyze and ingest security logs into the SIEM in order to optimize SIEM performance.
- Conduct the design, implementation, and testing of various SIEM solutions. (CDRL A007)
- Create and support the creation of SIEM use cases, and understand what alerts and log enrichment are necessary to meet the required acceptable false positive rate. (CDRL A008)
- Create, test, and validate filters and rules. (CDRL A007)
- Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
- Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors.
- Analyze malware threats to develop behavior-based detections that alert on and/or prevent malicious activity.
- Automate tasks in the SIEM using a common programming or scripting language.
- Create scheduled and ad hoc reporting with SIEM tools. (CDRL A007 and A008)
- Create and maintain SIEM documentation. (CDRL A008)
- Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends, and reports.
- Utilize the SIEM to develop metrics collection and analysis, and create reports upon request.
- Provide training to government personnel as requested.
- Provide knowledge transfer of tools, processes, and procedures to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on the latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)
- Support operational leadership's tasking as it relates to Content Development functions and responsibilities.

Other details:
Pay Type: Salary