Signature Writer - Intermediate - Cyber Security

STS Systems Support, LLC (SSS) is seeking a Signature Writer - Intermediate - Cyber Security

Requirements :

• DoDD 8570.01-M / 8140.01 I AT Level III CND
• Active TS / SCI
• More than 3 years' experience implementing signatures on HIPS devices.
• 3+ years' experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS / IDS signatures. BA / BS or MA / MS
• More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
• Proficient in PowerShell with more than one (1) year of experience.
• Extensive knowledge of Windows internals.
• Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
• More than three years of experience using Regular Expressions, YARA, and Snortequivalent to create custom IPS / IDS signatures

Desired :

• More than five (5) years of experience implementing behavior-based (heuristic and anomaly-based) signatures on IDS / IPS / Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA's Joint Regional Security Stacks (JRSS).
• Proficient in Python and PowerShell. SANS GCFA or equivalent certification.

Duties :

• Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.
• Develop and document IPS / IDS SOPs. (CDRL A008)
• Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
• Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
• Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
• Automate tasks using a common programming or scripting language.
• Utilize Linux systems, UNIX / Linux shell scripting (bash), Python, PowerShell.
• Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)
• Migrate, tune, and document existing and future AF signatures / detections to new tools and systems as they become available. (CDRL A007)
• Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)
• Automate processes and procedures using scripts and SQL / database administration (CDRL A007)
• Provide training and knowledge transfer to government personnel as requested.
• Provide OJT to other contractor employees, military, and / or civilian personnel, and ensure continuity folders / working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Maintain currency on latest industry trends and provide operational reports / assessments for development of tactics, techniques, and procedures. (CDRL A002)
• Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
• Locations : Lackland AFB, TX, Offut AFB, NE, and Maxwell AFB, AL
9 days ago