Research and develop new threat detection, use cases based on emerging threats, threat intelligence research and Threat Detection Analyst feedback. Work with DLA stakeholders and cybersecurity tool SMEs to identify gaps in security protection and analytics capabilities. Develop custom scripts to enhance SIEM functionality. Review the quality of data feeds and recommend and/or implement improvements. Collaborate with stakeholders to identify critical systems and application components to develop alerting priorities and create signatures tailored to individual programs and applications
Minimum Experience:
- 5+ years of relevant IT experience
- 3+ years working with a SIEM in a content development or Incident Response role
- 3+ years of System and/or Network Administration experience
Required Skills:
- Understanding of various log formats
- Understanding of the MITRE ATT&CK framework
- Strong understanding of network architecture
- Experience developing and maintaining scripts (preferably using PowerShell, Python or SPL)
- Understanding of Defense-in-Depth
- MUST POSSESS A CURRENT DOD TOP SECRET CLEARANCE and be eligible for an IT-1 at time of proposal submission.
- Relevant certification from a nationally recognized technical authority meeting DOD 8570.01 IAT II (CompTIA Security + (CE) or CompTIA CASP +(CE) or more advanced).
- Must possess and maintain DOD 8570.01 CNDSP/CSSP-IR or CSSP-A certification.
- Must be willing to work on site, 100% of the time, from one of the following locations:
- On Site, Columbus, OH;
- On Site, Ft Belvoir, VA;
- On Site, Battle Creek, MI