Cyber Content Developer

IPSecure, Inc.

$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Active TS/SCI clearance required.
  • Ability to obtain GIAC Machine Learning Engineer (GMLE) Certification within 120 days of hire or possess a BS/MS in Computer Science/Cyber Security.
  • 2+ years of experience with SIEM technologies (e.g., Arcsight, Splunk, Devo, ELK).
  • Experience in log handling, reporting, and rule creation.
  • Extensive knowledge of IDS/IPS systems used by DoD.
  • 3+ years of network traffic analysis experience; SANS GCDA certification preferred.
  • Familiarity with MITRE ATT&CK framework and SOAR platforms.

Responsibilities

  • Analyze DCO events to evaluate security incidents.
  • Apply SIEM best practices to optimize workflows.
  • Enhance operator alerts using log enrichment data.
  • Monitor for unauthorized outbound connections and control effectiveness.
  • Create detections by analyzing enterprise log data.
  • Develop dashboards to visualize adversarial activities.
  • Implement virtual tripwires for early threat detection.

Benefits

  • Medical, Dental, Vision coverage.
  • Unlimited Vacation and Sick Leave.
  • Paid Federal Holidays.
  • Education and Certification Reimbursement Program.
  • 401(k) retirement plan with employer match after 3 months.
  • Prepaid legal plan and ID protection plan.
  • Accident, Critical Illness, and Hospital Indemnity Insurance.
Full Job Description
CYBER CONTENT DEVELOPER/SIEM ENGINEER (33 NWS) - JBSA LACKLAND, SAN ANTONIO, TEXAS - TS/SCI REQUIRED

Job Description

The Cyber Content Developer/SIEM Engineer implements use cases based on mission requirements that provide analysts with a manageable SIEM view of security incidents, complete with workflow and reporting. Additionally, provide proactive housekeeping of associated content (use cases) with consideration for revisions and/or decommissioning. Will be in close collaboration with DO and DM leadership to ensure tasks align with squadron requirements, priorities, and future initiatives.

Responsibilities
  • Analyze DCO events.
  • Apply current industry SIEM best-practices.
  • Use security alerts correlated with log enrichment data to enhance the operator's ability to identify real attacks.
  • Establish security control effectiveness and monitor for unauthorized outbound connections
  • Create detections by analyzing log data across the enterprise.
  • Develop dashboards and visualizations to identify adversarial activity.
  • Use log data to establish and implement virtual tripwires for early detection.
  • Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM.
  • Conduct designing, implementing, and testing of various SIEM solutions.
  • Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate.
  • Create, test, and validate filters and rules.
  • Build and implement event correlation rules, logic, and content in the SIEM.
  • Tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
  • Analyze malware threats to develop behavior-based detections that alert and/or prevent malicious activity.
  • Automate tasks in the SIEM using a common programming or scripting language.
  • Create scheduled and ad-hoc reporting with SEIM tools.
  • Create and maintain SIEM documentation.
  • Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports.

Basic Qualifications
  • An active TS/SCI clearance.
  • Ability to obtain the GIAC Machine Learning Engineer (GMLE) Certification within 120-days of hire date OR have a BS in Computer Science or MS in Computer Science/Cyber Security.

Preferred Qualifications
  • 2+ years of SIEM technology (ex: Arcsight, Splunk, Devo and/or ELK).
  • Experience with log handling, reports, filters, and rule creation.
  • Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (ex: Air Force, Navy, Army, DC3, DISA).
  • 3+ years of experience with Network Traffic Analysis; ports and protocols. SANS GCDA or equivalent certification(s).
  • Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (ex: Open Source projects).
  • 1+ year of experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto.
  • Proficient in Python and PowerShell.

Benefits

Medical, Dental, Vision, Unlimited Vacation, Sick Leave, Paid Federal Holidays, Education and Certification Reimbursement Program, 401(k) retirement plan with safe harbor employer match after 3 months, Prepaid legal plan and ID protection plan available, Accident Insurance, Critical Illness Insurance, and Hospital Indemnity Insurance available.

Similar Jobs

More Jobs at IPSecure, Inc.

More Information Technology Jobs

Find similar Cyber Content Developer jobs: