SIEM Content Developer

Primary Responsibilities :

• Experience with creating and implementing custom IOCs and IOAs in Crowdstrike
• Experience with triaging and investigating hosts using Crowdstrike
• Experienced with updating McAfee AV signatures
• Experience with creating and maintain custom Tanium packages for collecting artifacts for continuous monitoring
• Provide recommendations for tuning and / or triaging notable events
• Perform critical thinking and analysis to investigate cyber security alerts
• Analyze network traffic using enterprise tools (e.g. Full PCAP, Firewall, Proxy logs, IDS logs, etc)
• Collaborate with team members to analyze an alert or a threat
• Stay up to date with latest threats and familiar with APT and common TTPs
• Utilize OSINT to extrapolate data to pivot and identify malicious activity
• Have experience with dynamic malware analysis
• Have experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for response
• Utilize the Cyber Kill Chain and synthesize the entire attack life cycle
• Review and provide feedback to junior analysts' investigation
• participate in discussions to make recommendations on improving SOC visibility or process
• Contribute to SOP development and updating
• Provide expert guidance and mentorship to junior analysts

Basic Qualifications :

Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP / IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices, and must possess expert knowledge in two or more of the following areas related to cybersecurity :

• Vulnerability Assessment
• Intrusion Prevention and Detection
• Access Control and Authorization
• Policy Enforcement
• Application Security
• Protocol Analysis
• Firewall Management
• Incident Response
• Encryption
• Web-filtering
• Advanced Threat Protection

Must have at least one of the following certifications :

SANS GIAC : GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH

EC Council : CEH, CHFI, LPT, ECSA

ISC2 : CCFP, CCSP, CISSP CERT CSIH

Offensive Security : OSCP, OSCE, OSWP and OSEE

• Must have TS / SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
• The ideal candidate is a self-motivated individual in pursuit of a career in cyber security.
• Experienced with developing advanced correlation rules utilizing tstats and datamodels for cyber threat detection
• Experienced with creating and maintaining Splunk knowledge objects
• Experienced managing and maintaining Splunk data models
• Expertise in developing custom SPL using macros, lookups, etc and network security signatures such as SNORT and YARA
• Experience creating regex for pattern matching
• Implemented security methodologies and SOC processes
• Extensive knowledge about network ports and protocols (e.g. TCP / UDP, HTTP, ICMP, DNS, SMTP, etc)
• Experienced with network topologies and network security devices (e.g. Firewall, IDS / IPS, Proxy, DNS, WAF, etc).
• Hands-on experience utilizing network security tools (e.g. Sourcefire, Suricata, Netwitness, o365, FireEye, etc) and SIEM
• Experience in a scripting language (e.g. Python, Powershell, etc) and automating SOC processes / workflow
• Experience training and mentoring junior analysts
• Extensive knowledge of common end user and web application attacks and countermeasures against attacks
• Experience developing custom workflows within Splunk to streamline SOC processes
• Experience creating SOPs and providing guidance to junior analysts
• Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
• Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow
• Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape
• Knowledgeable of APT capabilities and be able to implement appropriate countermeasures

Required Education / Experience : All Tier 2 analyst candidates shall have a minimum a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS eight (8) years of experience in incident detection and response, malware analysis, or cy