Signature Writer
San Antonio, TX, United States
SMS Data Products Group, Inc.
SMS' Cloud and Platform Engineering team provides the expertise, partnership, and integrity to make cloud work for you.
Overview
SMS is seeking a Signature Writer working at Lackland Air Force Base in San Antonio, TX. The candidate will support our AFCERT customer in conducting its mission of Air Force (AF) Defensive Cyberspace Operations (DCO) for the AF and supported unified commands and their combatant commanders.
As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.
SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.
Submit your resume today!
Responsibilities
The Signature Writer shall develop, test, deploy, and manage the development of commercial and custom host-based and network-based IDS/IPS, SIEM, and SOAR signatures, rules, workflows, and dashboards. The Signature Writer shall leverage the Pyramid of Pain in the development of all signatures, with the intent to develop custom signatures related to the Tough and Challenging levels within the Pyramid.
- Analyze, interpret, and utilize Regular Expressions, YARA, and Snort-like capabilities in the creation of custom signature sets.
- Develop and document IPS/IDS SOPs.
- Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
- Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
- Create, modify, and manage Security Orchestration and Automation workflows for operational use and execution.
- Automate tasks using a common programming or scripting language.
- Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
- Develop, test, deploy, and manage signatures, rules, and filters for capabilities such as IDS, IPS, firewall, web application firewall, proxy, and SIEM systems.
- Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available.
- Provide support to external units and work centers as directed and approved by AFCERT leadership.
- Automate processes and procedures using scripts and SQL/database administration.
- Provide training and knowledge transfer to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures.
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution.
Qualifications
- At least five years of progressively responsible Gov't IT experience.
- Individual must have a high degree of skill with the MS Office toolsets.
- Applicant must possess refined critical thinking skills, should be a self-starter, may direct the activities of other team members, diplomatic, multi-task capable, adaptive to a dynamic environment, dependable and reliable. Prior experience in a government consulting services environment is required.
Certifications
GCFA or GCDA
Clearance
Must have and maintain an active DoD TS/SCI security clearance.
SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States.
SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.