STS Systems Defense, LLC (SSD) is a government consulting and contracting firm supporting federal agencies and military installations across the U.S. We are seeking a Content Developer (SIEM Cyber Security) at Lackland AFB in San Antonio, TX.
What You'll Do:- Analyze DCO events.
- Apply current industry SIEM best-practices.
- Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks.
- Establish security control effectiveness and monitor for unauthorized outbound connections
- Create detections by analyzing log data across the enterprise. (CDRL A007)
- Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
- Use log data to establish and implement virtual tripwires for early detection.
- Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM.
- Conduct designing, implementing, and testing of various SIEM solutions. (CDRL A007)
- Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate. (CDRL A008)
- Create, test, and validate filters and rules. (CDRL A007)
- Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
- Tune SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors.
- Analyze malware threats to develop behavior based detections that alert and/or prevent malicious activity.
- Automate tasks in the SIEM using a common programming or scripting language.
- Create scheduled and ad-hoc reporting with SEIM tools. (CDRL A007 and A008)
- Create and maintain SIEM documentation. (CDRL A008)
- Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.
- Utilize SIEM to develop metrics collection, analysis, and create reports upon request.
- Provide training to government personnel as requested.
- Provide knowledge transfer of tools, processes and procedures to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
- Support operational leaderships tasking as it relates to Content Development functions and responsibilities
What You Bring:Requirements:- DoDD 8570.01-M/8140.01 I AT Level III CND
- Active TS/SCI
- GMLE Certification (GIAC Machine Learning Engineer) OR Degree in Computer Science
- More than 5 years of SIEM technology such as ArcSight, Splunk, and/or ELK.
- More than 3 years with network traffic analysis, ports, and protocols. BA/BS or MA/MS
- More than five (5) years of SIEM technology such as Arcsight, Splunk and/or ELK. Including, but not limited to, log handling, reports, filters, rule creation.
- Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA).
- More than three (3) years of experience with Network Traffic Analysis; ports and protocols. SANS GCDA or equivalent certification(s).
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)
Desired:
- Additionally, more than one (1) year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto. Proficient in Python and PowerShell.
What We Offer:STS Systems Defense, LLC offers a competitive benefits package to include: paid holidays, paid time off including sick and vacation leave, medical, dental and vision insurance, flexible spending accounts, short and long term disability, company paid life insurance, 401(k) with a company match and discretionary profit sharing and tuition reimbursement.
