SIEM Content Developer
Apply NowCompany: Gray Tier Technologies
Location: Washington, DC 20510
Description:
Primary Responsibilities:
Basic Qualifications:
Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices, and must possess expert knowledge in two or more of the following areas related to cybersecurity:
Must have at least one of the following certifications:
SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
EC Council: CEH, CHFI, LPT, ECSA
ISC2: CCFP, CCSP, CISSP CERT CSIH
Offensive Security: OSCP, OSCE, OSWP and OSEE
Required Education/Experience: All Tier 2 analyst candidates shall have a minimum a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS eight (8) years of experience in incident detection and response, malware analysis, or cy
- Experience with creating and implementing custom IOCs and IOAs in Crowdstrike
- Experience with triaging and investigating hosts using Crowdstrike
- Experienced with updating McAfee AV signatures
- Experience with creating and maintain custom Tanium packages for collecting artifacts for continuous monitoring
- Provide recommendations for tuning and/or triaging notable events
- Perform critical thinking and analysis to investigate cyber security alerts
- Analyze network traffic using enterprise tools (e.g. Full PCAP, Firewall, Proxy logs, IDS logs, etc)
- Collaborate with team members to analyze an alert or a threat
- Stay up to date with latest threats and familiar with APT and common TTPs
- Utilize OSINT to extrapolate data to pivot and identify malicious activity
- Have experience with dynamic malware analysis
- Have experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for response
- Utilize the Cyber Kill Chain and synthesize the entire attack life cycle
- Review and provide feedback to junior analysts' investigation
- participate in discussions to make recommendations on improving SOC visibility or process
- Contribute to SOP development and updating
- Provide expert guidance and mentorship to junior analysts
Basic Qualifications:
Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices, and must possess expert knowledge in two or more of the following areas related to cybersecurity:
- Vulnerability Assessment
- Intrusion Prevention and Detection
- Access Control and Authorization
- Policy Enforcement
- Application Security
- Protocol Analysis
- Firewall Management
- Incident Response
- Encryption
- Web-filtering
- Advanced Threat Protection
Must have at least one of the following certifications:
SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
EC Council: CEH, CHFI, LPT, ECSA
ISC2: CCFP, CCSP, CISSP CERT CSIH
Offensive Security: OSCP, OSCE, OSWP and OSEE
- Must have TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
- The ideal candidate is a self-motivated individual in pursuit of a career in cyber security.
- Experienced with developing advanced correlation rules utilizing tstats and datamodels for cyber threat detection
- Experienced with creating and maintaining Splunk knowledge objects
- Experienced managing and maintaining Splunk data models
- Expertise in developing custom SPL using macros, lookups, etc and network security signatures such as SNORT and YARA
- Experience creating regex for pattern matching
- Implemented security methodologies and SOC processes
- Extensive knowledge about network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)
- Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).
- Hands-on experience utilizing network security tools (e.g. Sourcefire, Suricata, Netwitness, o365, FireEye, etc) and SIEM
- Experience in a scripting language (e.g. Python, Powershell, etc) and automating SOC processes/workflow
- Experience training and mentoring junior analysts
- Extensive knowledge of common end user and web application attacks and countermeasures against attacks
- Experience developing custom workflows within Splunk to streamline SOC processes
- Experience creating SOPs and providing guidance to junior analysts
- Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
- Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow
- Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape
- Knowledgeable of APT capabilities and be able to implement appropriate countermeasures
Required Education/Experience: All Tier 2 analyst candidates shall have a minimum a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS eight (8) years of experience in incident detection and response, malware analysis, or cy