DETECTION ENGINEER - (Cleared) jobs in United States

CriticalTilt, Inc. · 2 months ago

DETECTION ENGINEER - (Cleared)

CriticalTilt blends 25+ years of specialized experience with a lean, responsive approach, delivering tailored solutions to government agencies and private sector clients. CriticalTilt is seeking a highly skilled DETECTION ENGINEER (CORELIGHT) to focus on network intrusion detection: implementation, configuration, and operational consulting using the Corelight platform. The role involves crafting detection rules, conducting threat hunting, and collaborating with customer IT and cybersecurity personnel.

Information Technology & Services
No H1B sponsorship. Security clearance required. U.S. citizens only.

Responsibilities

Craft and maintain novel detection rules, algorithms and alerts that identify malicious and unusual activities
Conduct threat hunting activities to identify anomalies and potential threats
Leverage controlled environments for analyzing the operation of specific attacks and attacker techniques
Engage with Customer IT and cybersecurity personnel as well as Corelight support to produce and refine effective detections
Disseminate knowledge and discoveries regarding detections via internal- and external-facing documentation
Continuously improve intrusion detection capabilities based on emerging threats

Qualification

Corelight, Zeek, Suricata, YARA, Network Security, Threat Hunting, Incident Response, Cloud (AWS), Cloud (Azure), Cloud (GCP), Security Fundamentals, Programming, Documentation, Project Management, Cross-functional collaboration, Mentoring

Required

3+ years of experience in one or more of the following information security disciplines: detection engineering, threat hunting, incident response, security operations engineering
Demonstrated knowledge of information security tools such as Zeek, Suricata, and YARA
Demonstrated history of creating and maintaining detection rules and capabilities
Working knowledge of security investigation and incident response processes, particularly at enterprise scale
Strong analytical skills related to detection engineering, including NSM/NDS systems, threat hunting, and threat identification
Familiarity with the capabilities of threat intel, malware analysis, and digital forensics
In-depth knowledge of networking concepts and protocols such as TCP/IP, HTTP, TLS, DNS, Kerberos, SMB
Experience working in an Agile work environment
Working knowledge of programming in at least two languages
Administer, configure, and optimize: Corelight Fleet Manager; Corelight Sensor(s); Zeek; Suricata; YARA; network infrastructure; operating systems (Windows, Linux); cloud platforms (AWS, Azure, GCP); software development / automation tooling
Use-case analysis: Zeek, Suricata, YARA, Splunk, Elastic, Endpoint Detection and Response (EDR)
Specializations: Security Fundamentals, Security Operations, Threat Hunting, Incident Response, Network Security
Professional skills: Project Management, Documentation, Training / Knowledge Share Delivery, Cross-functional collaboration, Mentoring
Applicants must hold an active TS / SCI clearance with Full Scope Polygraph

Preferred

Use-case analysis: Grafana, Humio
Specializations: Identity and Access Management, Governance and Compliance, Application Security, Mobile / IoT Security

Company

CriticalTilt, Inc.

In an ever-evolving technological landscape with scant resources, CriticalTilt is your stalwart ally.

Funding

Current stage: Early Stage (company data provided by Crunchbase)