Content Developer (SIEM Cyber Security) jobs in United States

BRS · 19 hours ago

Content Developer (SIEM Cyber Security)

STS Systems Defense, LLC (SSD) is a government consulting and contracting firm supporting federal agencies and military installations across the U.S. They are seeking a Content Developer (SIEM Cyber Security) to analyze DCO events, apply SIEM best practices, and create detections to enhance security operations. The role involves developing dashboards, automating tasks, and providing training to government personnel.

Advice, Business Development, Management Consulting
No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

Analyze DCO events
Apply current industry SIEM best practices
Use security alerts correlated with log enrichment data to enhance the operator’s ability to identify real attacks
Establish security control effectiveness and monitor for unauthorized outbound connections
Create detections by analyzing log data across the enterprise. (CDRL A007)
Develop dashboards and visualizations to identify adversarial activity. (CDRL A007)
Use log data to establish and implement virtual tripwires for early detection
Analyze and ingest security logs into the SIEM in order to optimize for performance of the SIEM
Conduct designing, implementing, and testing of various SIEM solutions. (CDRL A007)
Create and support the creation of SIEM Use Cases and understand what alerts and log enrichment is necessary to meet the required acceptable false positive rate. (CDRL A008)
Create, test, and validate filters and rules. (CDRL A007)
Build and implement event correlation rules, logic, and content in the SIEM. (CDRL A007)
Tune SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors
Analyze malware threats to develop behavior based detections that alert and/or prevent malicious activity
Automate tasks in the SIEM using a common programming or scripting language
Create scheduled and ad-hoc reporting with SIEM tools. (CDRL A007 and A008)
Create and maintain SIEM documentation. (CDRL A008)
Develop and execute a process to review and maintain SIEM resources such as rules, filters, lists, trends and reports
Utilize SIEM to develop metrics collection, analysis, and create reports upon request
Provide training to government personnel as requested
Provide knowledge transfer of tools, processes and procedures to government personnel as requested
Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate
Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009)
Support operational leadership's tasking as it relates to Content Development functions and responsibilities

Qualification

SIEM technology, Network Traffic Analysis, MITRE ATT&CK framework, CND certification, GMLE Certification, Python, PowerShell, Training skills, Documentation skills

Required

DoDD 8570.01-M/8140.01 IAT Level III CND
Active TS/SCI
GMLE Certification (GIAC Machine Learning Engineer) OR Degree in Computer Science
More than 5 years of SIEM technology such as ArcSight, Splunk, and/or ELK
More than 3 years with network traffic analysis, ports, and protocols
BA/BS or MA/MS
More than five (5) years of SIEM technology such as ArcSight, Splunk and/or ELK, including, but not limited to, log handling, reports, filters, rule creation
Extensive knowledge with IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA)
More than three (3) years of experience with Network Traffic Analysis; ports and protocols
SANS GCDA or equivalent certification(s)
Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

Preferred

Additionally, more than one (1) year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto
Proficient in Python and PowerShell

Benefits

Paid holidays
Paid time off including sick and vacation leave
Medical, dental and vision insurance
Flexible spending accounts
Short and long term disability
Company paid life insurance
401(k) with a company match
Discretionary profit sharing
Tuition reimbursement

Company

BRS

BRS is an advisory firm that specializes in bid coaching, tenders, project performance, procurement, and organization development services.

Funding

Current Stage
Early Stage

Leadership Team

Kym Williams
Managing Director
Nicole Williams
Director
Company data provided by crunchbase