CYBERSECURITY THREAT DETECTION DEVELOPER WITH SECURITY CLEARANCE
Company: Capgemini Government Solutions
Location: Washington
Posted on: October 17, 2024
Job Description:

Capgemini Government Solutions (CGS) is seeking a highly motivated Cyber Security Content Developer / Cyber Threat Detection Developer (Threat Detection Developer) for User Activity Monitoring (UAM) to join our team in support of our government clients. This role requires a Content Developer to support onsite Insider Threat services that provide immediate investigation and resolution. Any qualified Cyber Threat Detection Developer will need to have an active Top-Secret clearance with SCI eligibility. This role is an opportunity to apply and grow your skillset in development work with a motivated and rapidly growing company, working with a wide range of technology-forward clients, and building CGS' capabilities.

Job Responsibilities:

- Self-directed team member who develops, implements, maintains, and supports SIEM dashboards, reports, alerts, and knowledge objects
- Create baselines, queries, dashboards, and visualizations to support customer requirements shared with the SecOps and operational teams to identify trends, etc.
- Manage and administer the tuning of rules, triggers, policies, signatures, and custom content for specialized CND applications and systems
- Apply knowledge of regular expressions to create extractions, and apply working knowledge of PowerShell or other scripting language(s)
- Utilize knowledge of the latest cyber threats and attack vectors to develop and/or maintain custom correlation rules from all indexed sources to support continuous event monitoring and alerting
- Participate in discussions to make recommendations on improving SOC cyber visibility, process improvements, and reducing the incident remediation period
- Review all existing network event collections to determine if relevant data is present, and make technical recommendations to develop or enhance alerting actions
- Enhance the customer's ability to accomplish mission initiatives by delivering forward-thinking solutions that are not defined by requirements
- Author reports and/or interface with customers for ad-hoc requests
- Provide expert guidance and mentorship to junior analysts

Required Qualifications:

- US Citizen. Must have an active Top-Secret clearance (SCI eligible)
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience
- Five years of experience in developing, implementing, and managing SIEM correlation rules and content (such as Splunk, ArcSight, Kibana, LogRhythm)
- Experience with writing audit log parsers for SIEM data structures such as ArcSight's CEF or Splunk's SPL
- Advanced knowledge of TCP/IP protocols (Transport protocols geared to Network Engineering - Maybe change to encryption methods e.g. SSL/TLS and PKI), experience configuring and implementing various technical security solutions, and extensive experience providing analysis and trending of security log data from security devices
- Must have demonstrated the ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives, and/or known errors
- Experience developing advanced correlation rules utilizing stats and data models for cyber threat detection
- Experience with network monitoring tools such as proxies, load balancers, IDS/IPS, and packet capture tools
- Experience in a scripting language (e.g. Bash, PowerShell) and automating SOC processes/workflows
- Experience implementing security methodologies and SOC processes
- Ability to work effectively both independently and as a team member
- Work experience with a Security Operations Center (SOC) or industry Red Team
- Excellent problem-solving, critical thinking, and analytical skills, with the ability to deconstruct problems
- Work experience with the Intelligence Community
- Critical thinking skills
- Must possess strong written and verbal communication skills, and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise

Preferred Qualifications:

- Active SCI highly preferred
- Splunk Enterprise Security Admin or Splunk Certified Developer certification
- Extensive experience with User Activity Monitoring (UAM), User and Entity Behavior Analytics (UEBA), and DLP tools
- Expertise in developing Insider Threat trigger policies
- Investigate and analyze events of interest within the SIEM, document workflows, and identify process improvements in the handling and remediation of cybersecurity events
- 8140.03 requirements?
- Identify and remediate visibility gaps in cyber defense systems
- Experience installing and administering COTS applications on RHEL Linux and/or Windows
- Hands-on experience with one of the enterprise cybersecurity toolsets: HBSS/ESS, Trellix, and ePolicy Orchestrator
- Hands-on experience running Tenable or other vulnerability tracking/scanning systems
- Other highly desired certifications: CEH, CySA+, GICSP, SSCP, CND