Content Detection Engineer III
Washington, D.C.
Full Time Senior-level / Expert USD 98K - 147K
Agile Defense
At the forefront of innovation, driving advanced capabilities and solutions tailored to the most critical national security and civilian missions. Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility, leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests.
Requisition #: 737
Job Title: Content Detection Engineer III
Location: Remote
Clearance Level: Active DoD Top Secret/SCI
Salary Range: $98,000 - $147,000
Required Certification(s): Must have at least one of the following certifications:
· SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, or GISF
· EC-Council: CEH, CHFI, LPT, or ECSA
· ISC2: CCFP, CCSP, or CISSP
· CERT: CSIH
· Offensive Security: OSCP, OSCE, OSWP, or OSEE
SUMMARY
Agile Defense is seeking a highly experienced SIEM Content Developer to join our team that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff to one of our DHS customers. The SOC is primarily responsible for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP), and for directing and coordinating the detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.
The SIEM Content Developer will provide support during core business hours and will also participate in an on-call rotational schedule.
JOB DUTIES AND RESPONSIBILITIES
· Proactively search for threats; inspect traffic for anomalies and new malware patterns.
· Investigate and analyze logs.
· Provide analysis and response to alerts escalated from junior analysts, and document activity in SOC investigations and Security Event Notifications (SENs).
· Develop custom content within the SIEM (using advanced SPL and data models) or other network security tools to detect threats and attacks against the department.
· Participate in briefings to provide expert guidance on new threats, and act as an escalation point for M&A analysts.
· Author reports and/or interface with customers for ad-hoc requests as required.
· Participate in discussions to make recommendations on improving SOC visibility or process.
QUALIFICATIONS
Education, Background, and Years of Experience
· Relevant BS degree plus 8+ years of experience in incident detection and response, malware analysis, or forensics, or a Bachelor's degree in a related field.
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
· Experience creating and implementing custom IOCs and IOAs in CrowdStrike
· Experience triaging and investigating hosts using CrowdStrike
· Experience updating McAfee AV signatures
· Experience creating and maintaining custom Tanium packages for collecting artifacts for continuous monitoring
· Provide recommendations for tuning and/or triaging notable events
· Perform critical thinking and analysis to investigate cyber security alerts
· Analyze network traffic using enterprise tools (e.g. full PCAP, firewall, proxy logs, IDS logs, etc.)
· Collaborate with team members to analyze an alert or a threat
· Stay up to date with the latest threats and be familiar with APT groups and common TTPs
· Utilize OSINT to pivot on data and identify malicious activity
· Experience with dynamic malware analysis
· Experience analyzing network traffic and correlating diverse security logs to make recommendations for response
· Utilize the Cyber Kill Chain and synthesize the entire attack life cycle
· Review and provide feedback on junior analysts' investigations
· Participate in discussions to make recommendations on improving SOC visibility or process
· Contribute to SOP development and updates
· Provide expert guidance and mentorship to junior analysts
· The ideal candidate is a self-motivated individual in pursuit of a career in cyber security.
Preferred Skills
· Provide expert content development in Splunk Enterprise Security using tstats and data models
· Utilize knowledge of the latest threats and attack vectors to develop Splunk correlation rules for continuous monitoring
· Review logs to determine whether the relevant data is present to accelerate against data models and work with existing use cases
· Capture use cases from subscribers or other team members and develop correlation rules
· Experience developing advanced correlation rules utilizing tstats and data models for cyber threat detection
· Experience creating and maintaining Splunk knowledge objects
· Experience managing and maintaining Splunk data models
· Expertise in developing custom SPL using macros, lookups, etc., and network security signatures such as Snort and YARA
· Experience creating regex for pattern matching
· Implemented security methodologies and SOC processes
· Extensive knowledge of network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.)
· Experience with network topologies and network security devices (e.g. firewall, IDS/IPS, proxy, DNS, WAF, etc.)
· Hands-on experience utilizing network security tools (e.g. Sourcefire, Suricata, NetWitness, O365, FireEye, etc.) and SIEM
· Experience in a scripting language (e.g. Python, PowerShell, etc.) and automating SOC processes/workflows
· Experience training and mentoring junior analysts
· Extensive knowledge of common end-user and web application attacks and the countermeasures against them
· Experience developing custom workflows within Splunk to streamline SOC processes
· Experience creating SOPs and providing guidance to junior analysts
· Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
· Knowledge of the various intelligence frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.) and ability to utilize them in an analysis workflow
· Experience with cloud (e.g. O365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape
· Knowledge of APT capabilities and ability to implement appropriate countermeasures
WORKING CONDITIONS
Environmental Conditions
· Monday - Friday, business hours
Strength Demands
· Sedentary – 10 lbs. maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
· Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.
Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.
Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes and collective success is celebrated.
Honest - Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.
Humble - Be Grounded. Success is not achieved alone; humility ensures a culture of mutual respect, encouraging open communication and a willingness to learn from one another and take on any task.
Hungry - Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.
Hustle - Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Tags: Agile APT AWS Azure C CCSP CEH CERT CHFI CISSP Cloud CrowdStrike Cyber Kill Chain DNS DoD ECSA Firewalls Forensics GCFA GCFE GCIA GCIH GIAC GPEN GREM GWAPT GXPN IDS IPS Malware MITRE ATT&CK Monitoring Network security Offensive security OSCE OSCP OSEE OSINT OSWP PCAP PowerShell Python SANS Scripting SIEM SMTP Snort SOC Sourcefire Splunk Threat detection Top Secret TTPs
Perks/benefits: Career development Team events