ReliaQuest is currently seeking an intermediate-level cybersecurity specialist to begin immediately in a SIEM Content Developer role. The Threat Management Team at ReliaQuest combines all of the intelligence sources in a network into a single pane of glass in order to provide complete threat detection capability. Content Developers analyze the signatures cyber attackers leave behind throughout a network and develop SIEM rules to detect future intrusions.
- Research and deconstruct cyber-attacks into sequenced Indicators of Compromise (IOCs) detectable through network device logs
- Create abstract rules to detect network intrusions based on IOCs
- Conduct open-ended analysis of large data sets in order to find network activity baselines as well as abnormalities
- Implement SIEM rules across variable environments in ArcSight, QRadar, LogRhythm, McAfee ESM, Splunk, and AlienVault
- Test rules in a lab environment using penetration testing tools
- Clearly and effectively document your work to inform multiple audiences of how to use your work
- Understanding of all major categories of network security devices, including SIEM, IDS/IPS, firewalls, proxies, web filters, email filters, web application firewalls, endpoint anti-virus, etc.
- Understanding of Windows Security Event logs and Syslog
- Understanding of how to conduct investigations and create rules in at least 1 SIEM
- Understanding of cyber kill chains and campaign strategies
- Collegiate level writing ability
- Strong ability to develop regular expressions
- Scripting and programming experience is not required, but is highly desirable.