Detection Engineer Analyst SME
Quantico, Virginia, United States
Full Time | Senior-level / Expert | Clearance required | USD 101K - 189K *
Resource Management Concepts, Inc.
Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America.
- The Detection Engineer Analyst SME will support the production of detection use cases.
- Analyze all completed incident records and make improvements to related detection use cases.
- Request refinements to correlation rules, filters, signatures, or plays to enhance overall effectiveness by lowering false-positive rates. Track and validate refinement requests and provide metrics on these activities monthly.
- Develop methods for automating the execution of incident detection use cases that result in false-positive rates below 10%. Provide monthly reports on new automation actions and their results.
- At the direction and under the supervision of Government personnel, validate the effectiveness of any plays created by emulating adversary tactics to trigger the necessary alerts (blue team). The Contractor will ensure authorization to conduct this activity is gained and maintained via the Government’s existing process prior to emulating adversary activity.
- Analyze SIEM views daily to ensure views support detection and response operations. Modify SIEM views to eliminate false-positive or unnecessary alerts.
- Analyze host- and network-based events daily to identify and eliminate large numbers of false-positive alerts.
- Utilize the MITRE ATT&CK matrix and other threat frameworks to develop detection use cases. Continually refine these processes with the goal of automating their execution.
- Provide subject matter expertise in the creation, editing, and management of signatures, rules, and filters for specialized network defense systems, including but not limited to network and ESS IDS, IPS, firewall, web application firewall, proxy, and SIEM systems.
Requirements
Required
- Active TS/SCI (DoD TOP SECRET clearance with SCI eligibility) is required. Applicant selected will be subject to security investigation(s) and must maintain eligibility requirements for access to classified information.
- Bachelor’s Degree in Computer Science or IT-related field, OR at least five (5) years of demonstrated experience in supporting DCO and/or network systems and technology in lieu of a degree.
- DoD 8140.03 IAT Level III certification (CASP+, CCNP Security, CISA, CISSP or Associate, GCED, GCIH, CCSP).
- CSSP Infrastructure Support certification (Must have ONE of the following certs: CEH, CySA+ CE, GICSP, SSCP, CHFI, CFR, Cloud+ CE, CND) OR be able to obtain within 180 days.
- Five (5) years' experience with development and refinement of signatures, plays, policies, configurations, scripts, and indicators used to identify malicious or unauthorized activity via network and host-based detection on the Enterprise Network.
- Two (2) years' experience in a Security Operations Center (SOC) working with SIEM/SOAR and analyzing incidents created by both custom and vendor signatures.
- Experience writing signatures (KQL/Snort/ePO/Yara) for network and host IDS/IPS.
- Understanding of SIEM backend management (Data normalization, index management).
- Experience leading operations and maintenance support for an enterprise-level (minimum of 50k users) network.
- Knowledge of Windows OS, network traffic, and firewall operation.
- Host-based security administration and maintenance.
- Security Orchestration and Automation.
- Data correlation.
Desired
- Microsoft Cloud Security training.
- Microsoft Azure and Microsoft Defender XDR.
- Microsoft Sentinel Ninja Training.
- Microsoft Defender For Endpoint Ninja Training.
- Microsoft Defender For Identity Ninja Training.
- Microsoft SC-XXX Training (certifications).
"Salary at RMC is determined by various factors, including but not limited to location, a candidate's specific combination of education, knowledge, skills, competencies, and experience, as well as contract-specific requirements."
Benefits
At RMC, we're committed to your career growth! RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.
RMC can offer you a great place to work with a small company feel and give you the experience and certifications that will take your career to the next level. RMC also offers high-quality, low-deductible healthcare plans and a competitive 401K package.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index