Cyber Security Detections Engineer
McIntire Solutions
Cyber Security Detections Engineer
Seeking a motivated, career and customer-oriented Cyber Security Engineer, Senior to join our team in Springfield, VA, area.
Responsibilities include, but are not limited to: • Support Cyber Operations Squadron (COS) activities to publish up-to-date cybersecurity tool signatures (e.g. anti-virus and host based security systems) • Provide focused analysis, including reverse malware engineering, against intrusion, anomalies, malware, viruses to identify critical information about source, intended target, affected systems or hosts, recommended mitigation measures and risk to mission • Formulate custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats • Performs security event and incident correlation using information gathered from a variety of sources within the enterprise • Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents • Performs cyber incident trend analysis and reporting. • Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources. • Provides detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities • Create and deploy threat-based signatures for operational intrusion detection capabilities. • Create and implement detection rules from intelligence reporting
Basic Qualifications: • Bachelor’s Degree or 4+ years of years of additional cyber experience in lieu of degree • 5+ years of experience in a cyber role • Experience with modern Windows, UNIX, network operating systems, databases, and virtual computing • DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNASecurity)) required • CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certification required
Demonstrated Technical Experience: • Experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for signature development • Knowledge with implementation of counter-measures or mitigating controls. • Ability to support incident response and forensic operations as required to include static/dynamic malware analysis and reverse engineering • Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools • Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches and other detection signatures
Preferred Qualifications: Proficient in Linux operating systems Advanced skills in Linux/Unix (command line user - proficient and used in last 6 months) Working knowledge of current COTS Cybersecurity technologies. Familiar with MITRE ATT&CK Framework
Security Clearance Requirements: • TS/SCI w/Poly
Physical Requirements: • Must be able to remain in a stationary position 50% • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer • The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situation
Seeking a motivated, career and customer-oriented Cyber Security Engineer, Senior to join our team in Springfield, VA, area.
Responsibilities include, but are not limited to: • Support Cyber Operations Squadron (COS) activities to publish up-to-date cybersecurity tool signatures (e.g. anti-virus and host based security systems) • Provide focused analysis, including reverse malware engineering, against intrusion, anomalies, malware, viruses to identify critical information about source, intended target, affected systems or hosts, recommended mitigation measures and risk to mission • Formulate custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats • Performs security event and incident correlation using information gathered from a variety of sources within the enterprise • Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents • Performs cyber incident trend analysis and reporting. • Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources. • Provides detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities • Create and deploy threat-based signatures for operational intrusion detection capabilities. • Create and implement detection rules from intelligence reporting
Basic Qualifications: • Bachelor’s Degree or 4+ years of years of additional cyber experience in lieu of degree • 5+ years of experience in a cyber role • Experience with modern Windows, UNIX, network operating systems, databases, and virtual computing • DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNASecurity)) required • CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certification required
Demonstrated Technical Experience: • Experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for signature development • Knowledge with implementation of counter-measures or mitigating controls. • Ability to support incident response and forensic operations as required to include static/dynamic malware analysis and reverse engineering • Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools • Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches and other detection signatures
Preferred Qualifications: Proficient in Linux operating systems Advanced skills in Linux/Unix (command line user - proficient and used in last 6 months) Working knowledge of current COTS Cybersecurity technologies. Familiar with MITRE ATT&CK Framework
Security Clearance Requirements: • TS/SCI w/Poly
Physical Requirements: • Must be able to remain in a stationary position 50% • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer • The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situation
Confirm your E-mail: Send Email
All Jobs from McIntire Solutions