Cyber Capability Developer SME

Redstone Arsenal, AL, United States

ECS

ECS is a technology leader in science, engineering, cloud, cybersecurity, artificial intelligence, machine learning and IT modernization. Reach out today.


ECS is seeking a Cyber Capability Developer SME to work in our Redstone Arsenal, AL office. Please Note: This position is contingent upon contract award.

ECS is seeking a highly skilled Cyber Capability Developer to support cybersecurity operations for the Federal Bureau of Investigation (FBI) in the ESOC. In this role, you will design, develop, and maintain cybersecurity automation, detection, and response capabilities, with a strong emphasis on leveraging Splunk for Security Information and Event Management (SIEM). This role collaborates with ESOC analysts and engineers to enhance security monitoring, incident response, and operational efficiency using Splunk and related technologies.


Key Responsibilities:

  • Design, develop, and maintain custom security tools, scripts, and automated workflows to support ESOC operations, with a primary focus on Splunk SIEM integrations.
  • Develop, upgrade, and enhance the enterprise SIEM strategy and implementation via Splunk, including data flow diagrams, log management, and alert feed architectures for seamless alert integration.
  • Configure Splunk tools, settings, alerts, and notifications to improve security resilience, including implementation of Security Orchestration, Automation, and Response (SOAR) capabilities.
  • Create and tune Splunk detection content, including correlation rules, dashboards, and reports for threat detection and compliance monitoring.
  • Monitor and analyze security events and alerts in Splunk, conducting detailed investigations to identify and respond to potential security incidents.
  • Collaborate with incident response teams, providing technical expertise and developing new detection and response capabilities within Splunk.
  • Document development efforts, including system design, standard operating procedures, and user guides for Splunk-based solutions.
  • Stay current with emerging cybersecurity threats, trends, and SIEM best practices, and recommend innovative solutions for ESOC integration.
  • Mentor junior team members on Splunk development, SIEM best practices, and security automation.
Qualifications:
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
  • Minimum 15 years IT experience, with at least 10 years in cybersecurity and 5 years of hands-on experience with Splunk.
  • Strong proficiency in scripting or programming languages (e.g., Python, PowerShell) for Splunk automation and integration.
  • Experience developing and tuning SIEM use cases, correlation rules, and alerts in Splunk.
  • Solid understanding of network protocols, system logs, and security event correlation.
  • Experience working with incident response teams for triage and analysis using Splunk.
  • Splunk SIEM architecture and administration
  • Security automation and orchestration
  • Custom tool and script development for Splunk
  • Incident detection and response support using Splunk
  • Threat and vulnerability analysis
  • Documentation and process improvement

Tags: Automation Compliance Computer Science Incident response Monitoring PowerShell Python Scripting SIEM SOAR Splunk Strategy Threat detection

Perks/benefits: Team events

Region: North America
Country: United States
