Threat Detection Engineer SME

Gray Tier Technologies

National
Full Time
Paid
    Responsibilities:

    Gray Tier Technologies is seeking a Threat Detection Engineer for a new customer on a highly-visible and strategic Cybersecurity Task Order. The Threat Detection Engineer will:

    • Capture use cases from subscribers or other team members and develop correlation rules
    • Utilize knowledge of latest threats and attack vectors to develop Splunk correlation rules for continuous monitoring
    • Develop, manage, and maintain Splunk data models
    • Review logs to determine whether the relevant data is present, so it can be accelerated against data models and used with existing use cases
    • Develop custom regex to create custom knowledge objects
    • Develop custom SPL using macros, lookups, etc., and network security signatures such as Snort and YARA
    • Develop custom dashboards and reports for customer stakeholders
    • Train and mentor junior staff

    Basic Qualifications:

    • Bachelor's Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS at least eight (8) years of experience in incident detection and response, malware analysis, or cyber forensics

    • Extensive experience working with various security methodologies and processes

    • Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices

    • Expert knowledge in two or more of the following areas related to cybersecurity: Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, Advanced Threat Protection

    • Experience developing advanced correlation rules utilizing Stats and data models for cyber threat detection

    • Experience creating and maintaining Splunk knowledge objects

    • Experience managing and maintaining Splunk data models

    • Experience creating regex for pattern matching

    • Experience implementing security methodologies and SOC processes

    Preferred Qualifications:

    • Top Secret clearance
    • Experience with cloud (e.g. Office 365, Azure, AWS) security monitoring and familiarity with the cloud threat landscape
    • Completed Splunk Advanced Searching and Reporting training
    • Experience developing custom scripts using Python
    • Splunk certifications