Detection Engineer with Security Clearance

Sterling, Virginia

Gray Tier LLC
Job Expired
Primary Responsibilities

• Identify gaps in malicious activity detection capabilities

• Create new signatures / rules to improve detection of malicious activity

• Test and tune existing signatures / rules to ensure low rate of false positives

• Assist in playbook development for alert triage and Incident Response

• Define and implement alert and threat detection metrics, statistics, and analytics

• Recommend new tools/technologies to improve network visibility

• Support Incident Response and Forensic operations as required to include static/dynamic malware analysis and reverse engineering

• Author and maintain scripts for threat detection and automation

Basic Qualifications

The Cyber Threat Detection Engineer SME shall have the following qualifications:

• In-depth knowledge of Firewalls/Proxies/Intrusion Detection Systems/Domain Name Servers/DHCP/VPN and other network technologies and tools

• Experience updating, maintaining, and creating IDS variables within a complex enterprise network

• Expert in creating, modifying, and tuning IDS signatures/SIEM correlation searches/YARA rules and/or other detection signatures

• Familiarity with disk-based forensic methodologies and Windows and Linux forensic artifacts

• Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, CrowdStrike, etc.

• Able to create, modify, update, and maintain Python and PowerShell scripts that enhance endpoint detection capabilities

• In-depth knowledge of attacker tactics, techniques, and procedures

• Author, test, and maintain automation scripts within a SOAR platform

• Ability to work independently with minimal direction; self-starter/self-motivated

The candidate must currently possess a Secret Clearance. In addition to the clearance requirement, the candidate must have a current, or be able to favorably pass, a 5-year background investigation (BI). A BS degree in Science, Technology, Engineering, Math, or a related field and 8 years of prior relevant experience with a focus on cyber security, or a Master's degree with 6 years of prior relevant experience, is required. The candidate should have 5 years of experience serving as a digital media analyst or as a computer forensic analyst.
Date Posted: 10 May 2024