Detection Engineer

Gray Tier Technologies

National
Full Time
Paid
    PRIMARY RESPONSIBILITIES

    • Identify gaps in malicious activity detection capabilities
    • Create new signatures / rules to improve detection of malicious activities
    • Test and tune existing signatures / rules to ensure low rate of false positives
    • Assist in playbook development for alert triage and Incident Response
    • Define and implement alert and threat detection metrics, statistics, and analytics
    • Recommend new tools/technologies to improve network visibility
    • Support Incident Response and Forensic operations as required, including static/dynamic malware analysis and reverse engineering
    • Author and maintain scripts for threat detection and automation

    BASIC QUALIFICATIONS

    The Cyber Threat Detection Engineer SME shall have the following qualifications:

    • In-depth knowledge of firewalls, proxies, Intrusion Detection Systems (IDS), DNS, DHCP, VPN, and other network technologies and tools
    • Experience updating, maintaining, and creating IDS variables within a complex enterprise network
    • Expert in creating, modifying, and tuning IDS signatures, SIEM correlation searches, YARA rules, and/or other detection signatures
    • Familiarity with disk-based forensic methodologies and with Windows and Linux forensic artifacts
    • Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, CrowdStrike, etc.
    • Able to create, modify, update, and maintain Python and PowerShell scripts that enhance endpoint detection capabilities
    • In-depth knowledge of attacker tactics, techniques, and procedures (TTPs)
    • Author, test, and maintain automation scripts within a SOAR platform

    The candidate must currently possess a Secret Clearance. In addition to the clearance requirement, all CBP personnel must hold a current 5-year background investigation (BI) or be able to favorably pass one.

    BS degree in Science, Technology, Engineering, Math, or a related field and 8 years of prior relevant experience with a focus on cyber security, or a Master's degree with 6 years of prior relevant experience.

    Should have 5 years of experience as a digital media analyst or computer forensic analyst.

    Ability to work independently with minimal direction; self-starter/self-motivated

    MUST HAVE ONE OF THE FOLLOWING J3 CERTIFICATIONS:

    Tier 3 DMA:

    • GCIH – GIAC Certified Incident Handler
    • GCFA – GIAC Certified Forensic Analyst
    • GCFE – GIAC Certified Forensic Examiner
    • GREM – GIAC Reverse Engineering Malware
    • GISF – GIAC Information Security Fundamentals
    • GXPN – GIAC Exploit Researcher and Advanced Penetration Tester
    • OSCP – Offensive Security Certified Professional
    • OSCE – Offensive Security Certified Expert
    • OSWP – Offensive Security Wireless Professional
    • OSEE – Offensive Security Exploitation Expert
    • CCFP – Certified Cyber Forensics Professional
    • CISSP – Certified Information Systems Security Professional
    • CHFI – Computer Hacking Forensic Investigator
    • LPT – Licensed Penetration Tester
    • ECSA – EC-Council Certified Security Analyst
    • EnCE – EnCase Certified Examiner
    • WFE-FTK – Windows Forensic Examinations – FTK
    • CIRC – Computer Incident Responders Course
    • WFE-E-CI – Windows Forensic Examination – EnCase – Counter Intelligence (CI)
    • FIWE – Forensics and Intrusions in a Windows Environment