Cybersecurity Detection Content Developer (Security CSOC)-11741-Hybrid
Vienna, VA -- Hybrid - 1 day per week onsite needed
Cyber Security Content Development:
Log Analysis:
Documentation and Process Improvement:
Develop technical documents including, but not limited to content creation, content/rule review process, language-specific querying for disparate log sources, network/security visibility issues, detection gaps, SOPs, and monitoring strategies.
Continuously execute timely and effective communication across team and management channels regarding tasks completed, roadblocks experienced, and process improvement opportunities identified.
7+ years of experience within cyber security operations and SIEM technologies serving in a senior analyst or supervisory role.
Advanced knowledge of content creation concepts, content development management, content testing, implementation, the revision cycle, and cybersecurity threat analysis of complex events.
Advanced skills in monitoring and analyzing logs and alerts from a variety of different technologies and sources, to include but not limited to IDS/IPS, firewall, proxies, network/host, anti-virus, OS events, application/database, EDR, NDR, Cloud (IaaS, PaaS, SaaS).
Advanced skill in developing complex detection content using various data sources and query languages, e.g., custom SPL (macros, lookups, regex), Snort, YARA, KQL.
Experience in analyzing security systems, and how changes in conditions, operations, or the environment will affect deployed monitoring content.
Experience in applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Advanced knowledge of security architectures, devices, proxies, firewalls, and system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Advanced understanding of blue team/red team processes and technologies and their applicability to custom content development.
Advanced verbal and written skill presenting complex findings, conclusions, alternatives, and information clearly and concisely to all levels of management, supervisors, stakeholders, and vendors through advanced research, analytical, and problem-solving skills.
Required: Experience with security tools related to IPS/IDS, Antivirus, Firewalls, Proxies, DLP, Forensic Analysis, Malware analysis, SIEM, Cloud, and the content development lifecycle
Required: Advanced skill in analyzing log events for on-prem and cloud technologies to facilitate development of cyber defense detections
Desired: Splunk Power User, CySA+, CASP+, CISSP or other related Information Security certifications
Desired: Bachelor's degree in cybersecurity or a related discipline
Desired: Advanced knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK)